General
-
Target
41a98f1b2ee8d81ec81b8cc9433424a8f7f9f9e513f8bcaab7a7ba1c522313d8
-
Size
2.4MB
-
Sample
220215-rbckgaghfl
-
MD5
a287d97f20d4608c53d2bc5e9d64b94d
-
SHA1
b3a444db0d000a7905987dc445ecfee9bb3990fc
-
SHA256
41a98f1b2ee8d81ec81b8cc9433424a8f7f9f9e513f8bcaab7a7ba1c522313d8
-
SHA512
1a2324eaff128cc6d62686b565bb108b6b4aeab12d662d329ffcc327eac812958b48b8e0b6dc07f1fc3f30597775074db14f6ec556b34a6c8d75810281ac4260
Static task
static1
Behavioral task
behavioral1
Sample
41a98f1b2ee8d81ec81b8cc9433424a8f7f9f9e513f8bcaab7a7ba1c522313d8.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
41a98f1b2ee8d81ec81b8cc9433424a8f7f9f9e513f8bcaab7a7ba1c522313d8
-
Size
2.4MB
-
MD5
a287d97f20d4608c53d2bc5e9d64b94d
-
SHA1
b3a444db0d000a7905987dc445ecfee9bb3990fc
-
SHA256
41a98f1b2ee8d81ec81b8cc9433424a8f7f9f9e513f8bcaab7a7ba1c522313d8
-
SHA512
1a2324eaff128cc6d62686b565bb108b6b4aeab12d662d329ffcc327eac812958b48b8e0b6dc07f1fc3f30597775074db14f6ec556b34a6c8d75810281ac4260
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-