General
Target: airplane.wtf.exe
Size: 3.8MB
Sample: 220214-spsz2sbbaq
MD5: fb1e695f13801baad5faec13476caea0
SHA1: 234cbf5fb007db06026223c9bf0dc2a57c633570
SHA256: f47b1ed305aa05b5b84e7b994e8e6e5e8013831fec6b8922e8309d5ce28f12bc
SHA512: 258005109e2b4e8974411c292dc06293783c904649bd61792c814e532cfd578e00a8576cda26158d20718d484774a3362ce0fe6140ddeb30169c28ea506f04ad
Static task
static1
Malware Config
Targets
Target: airplane.wtf.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger