General
-
Target
3cde734726f325ed80790f88eeef30971a2b92799c710680f034906f807c1b21
-
Size
1.6MB
-
Sample
220714-esa2rafgg9
-
MD5
6a8e345d1d03a3f756161d6d8dfefbb3
-
SHA1
e363a41468963a0fe955faf70c3f77e5859020e5
-
SHA256
3cde734726f325ed80790f88eeef30971a2b92799c710680f034906f807c1b21
-
SHA512
d6e37360357e604d3f379f384861e1bad753f1abe4eeb07fb608a8dee4a7f06495886aab9fc5ff6f4666b78a3bc8fb767b6f6ef7860c55f5d432facc44d1df3f
Static task
static1
Behavioral task
behavioral1
Sample
3cde734726f325ed80790f88eeef30971a2b92799c710680f034906f807c1b21.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
3cde734726f325ed80790f88eeef30971a2b92799c710680f034906f807c1b21
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-