General
Target: 5571627843223552.zip
Size: 2.4MB
Sample: 220214-sbns6shde5
MD5: ff69209f9b7273295709612014281791
SHA1: 62775657b8b01e2c416c3fad481755152191d449
SHA256: b32a72d74944d3b196f0905e74cc233a47f8ebfdb96ddbf71a183d08c3f5475a
SHA512: 840698896e0f212fd12b928cd8b4bf01c398390b10696deb4e92e7fa2112e3c7e245ebdbfaf0e5ffdefe2ce8e9202d9a4b2fd0ddf7df03b65e7a4f2231383763

Static task: static1
Behavioral task: behavioral1
Sample: dd251dae550a6db360a54a963adb3adf18084b0db5bba7806b5b5ade01de69a3.exe
Resource: win7-en-20211208

Malware Config
Extracted: oski
secureredirectinfo.com

Targets
Target: dd251dae550a6db360a54a963adb3adf18084b0db5bba7806b5b5ade01de69a3
Size: 2.5MB
MD5: ec370128bc27c7fb5eeccbb7052deca5
SHA1: a8abfd836c8e5c4aea8adc4a6000d36ea5b275a0
SHA256: dd251dae550a6db360a54a963adb3adf18084b0db5bba7806b5b5ade01de69a3
SHA512: 2819ab07f2d9d23375b1b43b81e9e5efc85e5b5bb5fedaa98fc7d1f624820b14832c01404d5cc752e2523f0a80ef4de0312fdff3deb585ba0915605541b50e8f

- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger