General
Target: 51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb
Size: 2.3MB
Sample: 220213-l5a1vagfe9
MD5: dc1f1308759847a3e7161f284431cc5b
SHA1: 7eec4c3e46e3c39e21d0bec2897ce3da261310f9
SHA256: 51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb
SHA512: 0e5bd658fbc09fdca030f02d6ab0e9b9f26fa77d6caff41dccbfa583841f23f3a9197d799fb06272fec44e177f879d06cc3cf2cbd0fefca9ebd9c9a53ef8c5c9
Static task: static1
Behavioral task: behavioral1
Sample: 51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb.exe
Resource: win7-en-20211208
Malware Config
Targets
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger