General
-
Target
38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59
-
Size
4.1MB
-
Sample
220805-17tnasfdhl
-
MD5
35239580e14f6a36f65cdd1d38c6173d
-
SHA1
dc979f23b12c5665ae3d75559c749c198e86eb89
-
SHA256
38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59
-
SHA512
ca9c74f2dc6b21cbadde6173f3d92ea4620e92942121af8b01b264ab32a5e2bbac2396f6b83aeb28e9c6fb8dbc80d5f95b429549320c74e51596c9fe94d207f2
Behavioral task
behavioral1
Sample
38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59.exe
Resource
win7-20220718-en
Malware Config
Targets
-
-
Target
38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59
-
Size
4.1MB
-
MD5
35239580e14f6a36f65cdd1d38c6173d
-
SHA1
dc979f23b12c5665ae3d75559c749c198e86eb89
-
SHA256
38fdcea1a60613c5e0ac45985312b01e34f1b39b6c86caa99c19e3bd971a2c59
-
SHA512
ca9c74f2dc6b21cbadde6173f3d92ea4620e92942121af8b01b264ab32a5e2bbac2396f6b83aeb28e9c6fb8dbc80d5f95b429549320c74e51596c9fe94d207f2
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Uses the VBS compiler for execution
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-