General
- Target: d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9
- Size: 2.7MB
- Sample: 220215-gj1xxsbdh4
- MD5: 56c1adc0374d7a9b4c490de2ac89f1a8
- SHA1: d42e0f06b86f040ff945e4d94991101455299dd0
- SHA256: d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9
- SHA512: bee35ec98847c635a856d34bdfe4e7cf9c46af83de1e08710ef32136c81f5e6449a93241bc331dba6e8509c4665577f79d2768dbf4d272379800e0b9cf912311
Static task: static1
Behavioral task: behavioral1
- Sample: d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9.exe
- Resource: win7-en-20211208
Malware Config
Targets
- Target: d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger