General
Target: af0d4a19bc18d9002101530069ff92be605f9d2e782c90c3166d156916a75e8c
Size: 1.5MB
Sample: 220214-t63fgsacf6
MD5: 571352cab6f177ac071bfb5a1c76b29c
SHA1: 524706f5d4ad20c86a0002d58e01714016c8d759
SHA256: af0d4a19bc18d9002101530069ff92be605f9d2e782c90c3166d156916a75e8c
SHA512: 7e380e339021a63f7b163830dc0f5f84dd36d18ff6f91a41e4e42a484d04fb1472b5349060aca65fa3a76f892cf2ed79c992e71ef5f828158b072130a3516630

Static task: static1
Behavioral task: behavioral1
Sample: af0d4a19bc18d9002101530069ff92be605f9d2e782c90c3166d156916a75e8c.exe
Resource: win7-en-20211208

Malware Config
Extracted: arkei
Default: http://86.105.252.194/JlAvGw13CF.php

Targets
Target: af0d4a19bc18d9002101530069ff92be605f9d2e782c90c3166d156916a75e8c
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger