General
- Target: 1.dll.zip
- Size: 2.4MB
- Sample: 220220-3b38zabfd4
- MD5: fd1bf51557100a8f8cffff2ce8676b9f
- SHA1: 0cbdb736136a9003ba481e135567684c77322dfc
- SHA256: 8ea36732cc1cac6788c09e305636105c2e0df7aadc9a56e09c6547f2d0b7a50e
- SHA512: 0bc6b13555e0efa4ee5b8130944c3498993f61e226db93aac7899d875f3beccb0b53f9d0c52822a5ac8b319965077457ac38c0afee8d39e9158172cb43bc030b
Static task
static1
Malware Config
Targets
- Target: 1.dll
- Size: 2.4MB
- MD5: 9d0e393c19ac844780849fc88fabe029
- SHA1: d3691a9eddeb815e11434baacec1ec70b107a985
- SHA256: 517c1baf108461c975e988f3e89d4e95a92a40bd1268cdac385951af791947ba
- SHA512: 682710a43b5789473b9d11ae8bed46c0c35b88585167a70e094d8b7944be890762a2f0752d47b180d82b7e6778f1e300cb1b5a07e6389d96a6d41816cd60da5d
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger