General
Target: 52ce26bf711a0d2ea410e325fdb0acc1b81d3305c421b0fa2a882780a0c7c191
Size: 2.6MB
Sample: 220215-qnfxzsfcd9
MD5: db9f562738a4cd6adbfde0669264da02
SHA1: 350c4acbd7a7b26e3ef5d4aaaecf660c7a8a07d1
SHA256: 52ce26bf711a0d2ea410e325fdb0acc1b81d3305c421b0fa2a882780a0c7c191
SHA512: 35b7d1f9f40e49563092c523a0a27554d22e8587e3378aea46711d20c155ac2746d24c19c15c7db3a915480e04ef738d6d19cac6a5ce1c6b881a506b2ee968e7
Static task: static1
Behavioral task: behavioral1
Sample: 52ce26bf711a0d2ea410e325fdb0acc1b81d3305c421b0fa2a882780a0c7c191.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: 52ce26bf711a0d2ea410e325fdb0acc1b81d3305c421b0fa2a882780a0c7c191
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger