General
-
Target
c1072380a7f84c66069ef375aed7a1563dccb69950b9b35436712d74a6c99677
-
Size
1.9MB
-
Sample
220215-g8f9tabgc8
-
MD5
38f88448e44f0b6b72e37200eb69a853
-
SHA1
ce6e058f75350f6753f8d1c16ce9573f9491515c
-
SHA256
c1072380a7f84c66069ef375aed7a1563dccb69950b9b35436712d74a6c99677
-
SHA512
99328cdab2c711517340008c538763b1352f8d08144fde9e198ceff05f0d54f0fd5ddf9bc590e447f2e635d5262aae0d7b9e9a580fdcae69c2138049a21078ec
Behavioral task
behavioral1
Sample
c1072380a7f84c66069ef375aed7a1563dccb69950b9b35436712d74a6c99677.exe
Resource
win7-en-20211208
Malware Config
Extracted
arkei
Default
http://45.95.235.77/6LuciSfmJZ.php
Targets
-
-
Target
c1072380a7f84c66069ef375aed7a1563dccb69950b9b35436712d74a6c99677
-
Size
1.9MB
-
MD5
38f88448e44f0b6b72e37200eb69a853
-
SHA1
ce6e058f75350f6753f8d1c16ce9573f9491515c
-
SHA256
c1072380a7f84c66069ef375aed7a1563dccb69950b9b35436712d74a6c99677
-
SHA512
99328cdab2c711517340008c538763b1352f8d08144fde9e198ceff05f0d54f0fd5ddf9bc590e447f2e635d5262aae0d7b9e9a580fdcae69c2138049a21078ec
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-