General
- Target: c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439.exe
- Size: 13.3MB
- Sample: 220723-3njp4ahgek
- MD5: fc469f3f0d85aa66eb676f9a9e81b448
- SHA1: 850d94781455275b0b4d98a18be4db76843c12bf
- SHA256: c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439
- SHA512: 7c532923caa5507f8266e7983603792102c77c844c9fcbd9bca069f8b25b2f046591a889c42a5792e096bb050edb9dadae7d2bc9fccf78661c079d179d0c5355
Malware Config
Targets
- Target: c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439.exe
- Size: 13.3MB
- MD5: fc469f3f0d85aa66eb676f9a9e81b448
- SHA1: 850d94781455275b0b4d98a18be4db76843c12bf
- SHA256: c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439
- SHA512: 7c532923caa5507f8266e7983603792102c77c844c9fcbd9bca069f8b25b2f046591a889c42a5792e096bb050edb9dadae7d2bc9fccf78661c079d179d0c5355
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger