General
-
Target
3ceb966c86934a43bcf79bccfefe087f3aff40d8dc9fab18cbd6d8c7ad292e9f
-
Size
2.7MB
-
Sample
220215-rfpqlaffg3
-
MD5
23a5092fa3cbf14752251aaec42e8b57
-
SHA1
b5bc590b04916378f6b6aaafb0cc8e393fa9b441
-
SHA256
3ceb966c86934a43bcf79bccfefe087f3aff40d8dc9fab18cbd6d8c7ad292e9f
-
SHA512
cf08c9f3d4747dd8c9b30b2e1ec27a1a7542da47890a5e212b108cc4c23338ff6d304140af69f164915695b85ff8b4f172fd168d9ec04370ce8a4a7280a6ebd4
Static task
static1
Behavioral task
behavioral1
Sample
3ceb966c86934a43bcf79bccfefe087f3aff40d8dc9fab18cbd6d8c7ad292e9f.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
3ceb966c86934a43bcf79bccfefe087f3aff40d8dc9fab18cbd6d8c7ad292e9f
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-