General
-
Target
cdd504038bd64e3fbb83992f14e5fdb7ed7eee125bbde89603f0f02614f9f980
-
Size
3.1MB
-
Sample
220508-k5xn6sdfh7
-
MD5
599ffd620b317da2bcd56b93c92add89
-
SHA1
b375adeca7aa0064ac0f0c650a9419a1afc545de
-
SHA256
cdd504038bd64e3fbb83992f14e5fdb7ed7eee125bbde89603f0f02614f9f980
-
SHA512
fc3c81bba7d9b6ca1cb153910237422b8e58598f52ad06e51f4af3e65a04a48f5f8a870974a82813248ab69c6588d400361fcae94844c9909a31102d648c7ad8
Static task
static1
Behavioral task
behavioral1
Sample
cdd504038bd64e3fbb83992f14e5fdb7ed7eee125bbde89603f0f02614f9f980.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
cdd504038bd64e3fbb83992f14e5fdb7ed7eee125bbde89603f0f02614f9f980
-
DarkTrack Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-