General
Target: fbo3xfp9z41vwe0tzc0jd
Size: 8MB
Sample: 220701-kbaybabgem
MD5: ceb7d86b25278e2d828955a398de923c
SHA1: 21bf41eb81548d5e97ca6e8780f669eb00860d28
SHA256: f1f0291aed00e8a997b0e8812f4757abdbd9ba85fd5e98f212b183c9f9c0e849
SHA512: 7147a8d8d91319b0f1f82043441efe0b2ec4f55fa6ed3cce22851a43f0a3b0a434e41bf5c53b2cd8bbb089bff88c7269d9d1faa2a023308296a5076dd6441274
Static task: static1
Behavioral task: behavioral1
Sample: fbo3xfp9z41vwe0tzc0jd.dll
Resource: win7-20220414-en
Malware Config
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger