General
Target: Miraki.zip
Size: 30.1MB
Sample: 220708-f9prxabear
MD5: c8f04da19c11699a8e0edf6e0307c3cb
SHA1: f33e3c0cc12cc27b6e00cabd1c572f059bd29d65
SHA256: d9533cd0090a5725f589494507415abefd96c6ecd952707542ac8f9cdc9ae542
SHA512: 4f6e88de16e3e13e118c06ec046cb4780a9a1bbb7f97cada32a5949fbb45a2bce14a434bd05fb18c9435d7116e83db1e40d15cba9331c6e6cb1467c9ff303647

Static task: static1

Malware Config

Targets
Target: Miraki.exe
Size: 5.5MB
MD5: ff3bbdae11502c14126f39da23606850
SHA1: 2c1776cfb42c5f246108173cc2a6642af132e176
SHA256: 7364da9768d59624bab5176b5f676384798cb3e83b84ef0b716c093391f3ce9e
SHA512: 5f79d74569b8e19f6b25cc15167d4bb14551082fb587805b8c30acbcbf720fd340b754715b8785f98664b6a13a9a7bda231650b71fa308eb2f08d9d9dcaf492a

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger