General
-
Target
6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05.exe_
-
Size
2.6MB
-
Sample
220725-fq9yqsfgd5
-
MD5
a8c845eb0bd7edc496cb5195f9c6983b
-
SHA1
bbee93f915f7e8dcc1f861cb24c866e52b7d9087
-
SHA256
6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05
-
SHA512
1d86fe76d326adf72c67d00aa04540a7d38371846e0557995b3994d02f884f9accd1148ddff2d90792110f8c245717fcd00234d26c9997b3842b7952e858d3e2
Behavioral task
behavioral1
Sample
6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05.exe
Resource
win7-20220715-en
Malware Config
Targets
-
-
Target
6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05.exe_
-
Size
2.6MB
-
MD5
a8c845eb0bd7edc496cb5195f9c6983b
-
SHA1
bbee93f915f7e8dcc1f861cb24c866e52b7d9087
-
SHA256
6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05
-
SHA512
1d86fe76d326adf72c67d00aa04540a7d38371846e0557995b3994d02f884f9accd1148ddff2d90792110f8c245717fcd00234d26c9997b3842b7952e858d3e2
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-