General
- Target: a595c8030679feabf73e25979ca486d9de798d5ba7303ca102f4eb5ca8f36da2
- Size: 6.4MB
- Sample: 220806-rh4yashhd3
- MD5: fad7d228308a436ec1333458bfbc3304
- SHA1: 737066c152957fb0c0bdaf842b391ea72709f2b1
- SHA256: a595c8030679feabf73e25979ca486d9de798d5ba7303ca102f4eb5ca8f36da2
- SHA512: 8df1e1b582f91b386a344725880fa6226958d9674a6dcefbc10ae1e42a51e3862e0cddb7ab7e7e0c057f8c44395252203acf749bd38ba9021dee78280cb35b54
Malware Config
Targets
- Target: a595c8030679feabf73e25979ca486d9de798d5ba7303ca102f4eb5ca8f36da2
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger