General
Target: e7c38d73ae221bd89f9da8e0e8db70bac34ad6e7f71f3bd7b78432228fcfface.exe
Size: 10.9MB
Sample: 220214-ywq2xsbhgq
MD5: b26d9fb58f3eecaf0d49b6849e533d73
SHA1: 3d4627e0fa8a473c5348234bafa8d471b81bb008
SHA256: e7c38d73ae221bd89f9da8e0e8db70bac34ad6e7f71f3bd7b78432228fcfface
SHA512: ae645ea18a8ee0ff51857cd7dffdfa53f9483fd1a6b30201072f50571629471cbefa80dd19062bc4f0f481397c22b0baafef31fd83221b843004d8791a8a11ec

Static task: static1
Behavioral task: behavioral1
Sample: e7c38d73ae221bd89f9da8e0e8db70bac34ad6e7f71f3bd7b78432228fcfface.exe
Resource: win7-en-20211208

Malware Config

Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger