General
- Target: ca17105454d61b84d3190e76bc9f277e55ca6886ca3f6ec29d8a84b1825c832c
- Size: 8.3MB
- Sample: 220219-nhfzpaadc6
- MD5: 7d3cc71026174675931a2510162da397
- SHA1: 56e330ce592c0a4bcf95ab6c7c7ebfd872bd6a04
- SHA256: ca17105454d61b84d3190e76bc9f277e55ca6886ca3f6ec29d8a84b1825c832c
- SHA512: 8f7be087ad88682604c8b753d2ec198825dde6cc2ce3a1e1b9e1a36ba3b76bddae7559659b44c6f1bbfc0ef18eadfe241ad593ca95e0164093150abef317ca49
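The sample was submitted under its SHA256, which is the identifier to pivot on; MD5 and SHA1 are listed only so the report can be correlated with feeds that still key on them. Before detonating or sharing a copy of this sample it is worth checking that what you downloaded really has these digests. The following is an added example (not the sandbox's own code): it computes all four digests in one pass over the file and reports which entries of the report disagree. The REPORT dictionary holds the hashes printed above; the sample bytes are whatever you fetched.

```python
"""Cross-check a local copy of a sample against the digests in a sandbox report.

Added example, not part of the report or of the sandbox's code. REPORT
carries the four digests listed above; the bytes you pass in are your own
download, which this script deliberately does not fetch for you.
"""
import hashlib

REPORT = {
    "md5": "7d3cc71026174675931a2510162da397",
    "sha1": "56e330ce592c0a4bcf95ab6c7c7ebfd872bd6a04",
    "sha256": "ca17105454d61b84d3190e76bc9f277e55ca6886ca3f6ec29d8a84b1825c832c",
    "sha512": (
        "8f7be087ad88682604c8b753d2ec198825dde6cc2ce3a1e1b9e1a36ba3b76bdd"
        "ae7559659b44c6f1bbfc0ef18eadfe241ad593ca95e0164093150abef317ca49"
    ),
}


def digests(data: bytes, chunk: int = 1 << 20) -> dict:
    """Hash `data` once with every algorithm named in REPORT.

    Feeding each chunk to all hashers means an 8 MB sample is read once,
    not four times. MD5/SHA1 are marked usedforsecurity=False because they
    serve only for correlation with other reports, never as integrity proof
    (keeps the call working on FIPS-restricted builds of OpenSSL).
    """
    hashers = {name: hashlib.new(name, usedforsecurity=False) for name in REPORT}
    for offset in range(0, len(data), chunk):
        block = data[offset:offset + chunk]
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data: bytes, report: dict = REPORT) -> list:
    """Return the algorithms whose digest of `data` does not match `report`.

    An empty list means every listed digest matched. Anything else means you
    do not hold the file this report describes (truncated download, wrong
    file from an archive, or a repacked variant), so do not treat the
    behaviours in the report as describing your copy.
    """
    actual = digests(data)
    return [name for name, expected in report.items()
            if actual[name] != expected.lower()]


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:  # path to the downloaded sample
        bad = verify(fh.read())
    print("OK: all digests match" if not bad else f"MISMATCH in {', '.join(bad)}")
```

Running it against a file that is not the sample returns every algorithm as mismatched; a single mismatching entry (for example only SHA512) would instead point at a typo in the report you copied from, since the other three could not all agree by accident.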
Static task: static1

Malware Config

Targets
- Target: ca17105454d61b84d3190e76bc9f277e55ca6886ca3f6ec29d8a84b1825c832c (8.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables whose OEM ID is VBOX__, visible under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT). Reading those keys is a common way for a sample to recognise the hypervisor and change its behaviour inside a sandbox.
- XMRig Miner Payload
  The payload matches XMRig, the open-source Monero CPU miner that is widely repackaged as a cryptojacking payload.
- Executes dropped EXE
  The sample wrote an executable to disk during analysis and then launched it.
- Checks BIOS information in registry
  BIOS information (for example HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion and VideoBiosVersion) is often read in order to detect sandboxing environments, because the emulated BIOS strings of a virtual machine usually name the virtualisation product.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging trick.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is how injected or hollowed code gets control; together with the dropped-executable launch above it is consistent with process hollowing or thread hijacking. Debuggers and some legitimate tools use the same call, so treat it as a weighting factor rather than a verdict on its own.
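The signatures above are behavioural rules the sandbox matched against the API and registry activity it recorded. To make the matching concrete, the following is an added example (not the sandbox's own rule engine): it runs equivalents of the five behavioural rules over a small API trace. The trace format (one `API|arg=value|...` event per line) and the trace content are constructed for illustration, not recorded from this sample; the registry paths are the ones VirtualBox's ACPI tables and Windows' BIOS description key actually expose, and 0x11 is the ThreadHideFromDebugger information class.

```python
"""Match sandbox-style behavioural signatures against an API trace.

Added example, not the sandbox's rule engine. The trace format and the
events in SAMPLE_TRACE are constructed for illustration; the rule names
mirror the signatures in the report above.
"""
import re
from collections import defaultdict

THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass value (ntddk.h)

# Constructed trace; not output from the real sample.
SAMPLE_TRACE = """\
CreateFileW|path=C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe|access=GENERIC_WRITE
WriteFile|path=C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe|size=8388608
RegOpenKeyExW|path=HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
RegQueryValueExW|path=HKLM\\HARDWARE\\DESCRIPTION\\System|value=SystemBiosVersion
RegQueryValueExW|path=HKLM\\HARDWARE\\DESCRIPTION\\System|value=VideoBiosVersion
NtSetInformationThread|thread=0xfffffffe|class=0x11
CreateProcessW|path=C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe|flags=CREATE_SUSPENDED
SetThreadContext|thread=0x1a4
RegQueryValueExW|path=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|value=ProductName
"""

SIG_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"
SIG_CTX = "Suspicious use of SetThreadContext"
SIG_DROP = "Executes dropped EXE"

REG_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW"}
CREATE_FILE_APIS = {"CreateFileA", "CreateFileW"}
EXEC_APIS = {"CreateProcessA", "CreateProcessW", "ShellExecuteExW"}
# VirtualBox stamps its ACPI tables with the OEM ID "VBOX__".
ACPI_VBOX = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
BIOS_KEY = "\\hardware\\description\\system"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}


def parse_trace(text: str) -> list:
    """Turn 'API|k=v|k=v' lines into (api, {k: v}) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        api, *fields = line.split("|")
        events.append((api, dict(f.split("=", 1) for f in fields)))
    return events


def triage(events: list) -> dict:
    """Return {signature name: [matching events]} for the signatures that fired."""
    hits = defaultdict(list)
    dropped = set()  # .exe paths this process wrote, lower-cased for comparison
    for api, args in events:
        path = args.get("path", "")
        low = path.lower()
        wrote = api == "WriteFile" or (
            api in CREATE_FILE_APIS and "WRITE" in args.get("access", "").upper())
        if wrote and low.endswith(".exe"):
            dropped.add(low)
        if api in REG_APIS and ACPI_VBOX.search(path):
            hits[SIG_ACPI].append(f"{api} {path}")
        if api in REG_APIS and BIOS_KEY in low and args.get("value", "").lower() in BIOS_VALUES:
            hits[SIG_BIOS].append(f"{api} {path}\\{args['value']}")
        if api == "NtSetInformationThread" and int(args.get("class", "0"), 16) == THREAD_HIDE_FROM_DEBUGGER:
            hits[SIG_HIDE].append(f"{api} thread={args.get('thread', '?')}")
        if api == "SetThreadContext":
            hits[SIG_CTX].append(f"{api} thread={args.get('thread', '?')}")
        # Only a launch of a file *this trace* wrote counts as "dropped".
        if api in EXEC_APIS and low in dropped:
            hits[SIG_DROP].append(f"{api} {path}")
    return dict(hits)


def evasion_count(hits: dict) -> int:
    """Number of distinct anti-VM / anti-debug signatures that fired."""
    return sum(1 for sig in (SIG_ACPI, SIG_BIOS, SIG_HIDE) if sig in hits)


if __name__ == "__main__":
    result = triage(parse_trace(SAMPLE_TRACE))
    for sig, evidence in result.items():
        print(sig)
        for line in evidence:
            print("   ", line)
    print("evasion signatures:", evasion_count(result))
```

Note what the rules do and do not key on: the ACPI rule needs the VBOX__ OEM ID, not merely a read of HKLM\HARDWARE\ACPI; the BIOS rule needs one of the BIOS value names, not any read of the System key; and the dropped-EXE rule fires only when the launched path was written earlier in the same trace. The benign ProductName read at the end of the trace matches nothing, which is why SetThreadContext and BIOS reads are reported as "suspicious" rather than as a verdict.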