General
-
Target
gcpfqzsczq.dop
-
Size
6.8MB
-
Sample
220622-y9531adag2
-
MD5
cb0e540176159268be4986459091576a
-
SHA1
c512c14e8a2afb15636e7b4c6f30284646b8d456
-
SHA256
fbe44a3401b91f4fa23f2df40e6844931bfc1e8931fefcf301b786788b44a6f4
-
SHA512
a04fc5b10b46bd2cec4ce3ec48b29ca87e3137a3f5e2d3575d18a6282c98a6c9e9e7c9316494fbeb1a4e30ce24842d41c074c3d4c3c122e0378f8259b25a4b1a
Static task
static1
Behavioral task
behavioral1
Sample
gcpfqzsczq.dll
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
gcpfqzsczq.dop
-
Size
6.8MB
-
MD5
cb0e540176159268be4986459091576a
-
SHA1
c512c14e8a2afb15636e7b4c6f30284646b8d456
-
SHA256
fbe44a3401b91f4fa23f2df40e6844931bfc1e8931fefcf301b786788b44a6f4
-
SHA512
a04fc5b10b46bd2cec4ce3ec48b29ca87e3137a3f5e2d3575d18a6282c98a6c9e9e7c9316494fbeb1a4e30ce24842d41c074c3d4c3c122e0378f8259b25a4b1a
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-