General
- Target: d6fcd542f08a38318740d91912a671431de6b96e52e69e24fc2e7a25d7ea3ad3
- Size: 2.6MB
- Sample: 220215-geqldscgfn
- MD5: 0591112928807f431a46e19b49ee80d7
- SHA1: 29e8358b83531dfe9ce3d1fd3556e3ae36f482dd
- SHA256: d6fcd542f08a38318740d91912a671431de6b96e52e69e24fc2e7a25d7ea3ad3
- SHA512: c4bed7ca5ccd4dad9ce7ade15a76218bcd2577a78aa34d6b3c6f2a4da65dadaa9c32f51bdb201afb9da0a39d62ea03490d968e52940ff29b363b72a2e542bcca
Static task: static1
Behavioral task: behavioral1
- Sample: d6fcd542f08a38318740d91912a671431de6b96e52e69e24fc2e7a25d7ea3ad3.exe
- Resource: win7-en-20211208
Malware Config
Targets
- Target: d6fcd542f08a38318740d91912a671431de6b96e52e69e24fc2e7a25d7ea3ad3
- Size: 2.6MB
- MD5: 0591112928807f431a46e19b49ee80d7
- SHA1: 29e8358b83531dfe9ce3d1fd3556e3ae36f482dd
- SHA256: d6fcd542f08a38318740d91912a671431de6b96e52e69e24fc2e7a25d7ea3ad3
- SHA512: c4bed7ca5ccd4dad9ce7ade15a76218bcd2577a78aa34d6b3c6f2a4da65dadaa9c32f51bdb201afb9da0a39d62ea03490d968e52940ff29b363b72a2e542bcca
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger