General
-
Target
Full_File_Pass_1234.rar
-
Size
6.5MB
-
Sample
220707-q5b1csghcq
-
MD5
1ca240f032457f7cd0acec764f11f74d
-
SHA1
6f993e5383e50a9a760e15187e4ebea0ada0ff76
-
SHA256
34a1e0d01353a313d4f8e0b17a889f2ebbc6a6433d66ac86d3d9fc87e27dc78c
-
SHA512
2cdaa3431ecf1398bdd269a9aef487aebbb83bf64db579402b945abf72486feb0fe2b636ee6325704211b657e34518cdef066147fdcbc85ae30b1c750db4dab7
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
Setup.exe
-
Size
392.4MB
-
MD5
715e4579032d354a15836e6778ad39c8
-
SHA1
4d32188a441c71aedc79f15609489285d5414c19
-
SHA256
ef853a8b2e2e2eef69749f08351f36f80402edb6836e0a761bbceadf8291636a
-
SHA512
68bff27c89c2a015b134ee0b038cb4a3a45c5c4f2dcaa367645f541f7ffea3d3c37f3872b32b2e3f801d0e857f2aabdf1bfd3727d009c54e848f8a2cba39982b
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger