General
-
Target
4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79
-
Size
2.7MB
-
Sample
220215-qzj4saggel
-
MD5
84f53b26739d97cbdcd526c5ec88715d
-
SHA1
ab1d8d6a13e3c2793408944a83e4dec04a919f14
-
SHA256
4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79
-
SHA512
b825c54e4806165392bc9aff674cf88774e977ac7cf1ec3b40dab4fa04f1c120d1d637a2892a86dd55ffc5a1e26cf2e4e23251c99cd03bd213ba39b0c66dcaca
Static task
static1
Behavioral task
behavioral1
Sample
4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-