General

Target: b321417ec7f94af2711101f2a8966b1667ecac9e3c68133119d8371fb42dba7a
Size: 1.8MB
Sample: 220809-f11g2sdeck
MD5: 1cf5749fad04f0f16260ac8e53baa075
SHA1: 4d122685bcacc79f782a5fbac225a454f5ea63f9
SHA256: b321417ec7f94af2711101f2a8966b1667ecac9e3c68133119d8371fb42dba7a
SHA512: 0abc2c5ee8f9cb07d962343d7f43453838465add2dc3dced0a61ae86168322fde80d9170b2d4c94b263d7733382e42de13b6cfadfd6137ed8c5d3f762617330b
Static task: static1

Malware Config

Targets

Target: b321417ec7f94af2711101f2a8966b1667ecac9e3c68133119d8371fb42dba7a
Size: 1.8MB
MD5: 1cf5749fad04f0f16260ac8e53baa075
SHA1: 4d122685bcacc79f782a5fbac225a454f5ea63f9
SHA256: b321417ec7f94af2711101f2a8966b1667ecac9e3c68133119d8371fb42dba7a
SHA512: 0abc2c5ee8f9cb07d962343d7f43453838465add2dc3dced0a61ae86168322fde80d9170b2d4c94b263d7733382e42de13b6cfadfd6137ed8c5d3f762617330b
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS and SMBIOS strings in the registry (system manufacturer, product name, BIOS vendor) are commonly read to detect virtual machines and sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting the ThreadHideFromDebugger information class stops debug events from that thread reaching an attached debugger (anti-debugging).
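The four behavioural signatures listed above, re-derived as rules over an API trace. This is an added example and is not part of the sandbox report or of the sandbox's own signature engine; the trace line format (`<pid> <operation> <argument>`), the sample trace and the dropped-file path are constructed for illustration. The `VBOX__` ACPI keys, the `HKLM\HARDWARE\DESCRIPTION\System\BIOS` key and the `ThreadHideFromDebugger` class value `0x11` are the real artefacts the signatures refer to.

```python
"""Re-derive the report's behavioural verdicts from a (constructed) API trace."""
import re
from collections import defaultdict

# Registry keys that only exist when the ACPI tables were produced by VirtualBox.
VBOX_ACPI_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
}
# Key holding the SMBIOS strings (SystemManufacturer, SystemProductName, ...)
# that VMs and sandboxes leak.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
# ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed sample trace (assumption, not taken from the report).
# Format: "<pid> <operation> <argument>", one event per line.
SAMPLE_TRACE = """\
4120 RegOpenKey HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
4120 RegQueryValue HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
4120 RegQueryValue HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName
4120 NtSetInformationThread ThreadInformationClass=0x11
4120 WriteFile C:\\Users\\Public\\dropped.exe
4120 CreateProcess C:\\Users\\Public\\dropped.exe
4120 CreateProcess C:\\Windows\\System32\\cmd.exe
"""

SIG_VBOX = "Identifies VirtualBox via ACPI registry values"
SIG_DROPPED = "Executes dropped EXE"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def parse_trace(text):
    """Yield (pid, op, arg) tuples; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.strip().split(maxsplit=2)
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def triage(text):
    """Return {signature_name: [evidence, ...]} for every signature that fires."""
    hits = defaultdict(list)
    written = set()  # paths the sample wrote; used for the dropped-EXE rule
    for pid, op, arg in parse_trace(text):
        if op in ("RegOpenKey", "RegQueryValue"):
            upper = arg.upper()
            if any(upper.startswith(k.upper()) for k in VBOX_ACPI_KEYS):
                hits[SIG_VBOX].append(arg)
            key, _, value = arg.rpartition("\\")
            if op == "RegQueryValue" and key.upper() == BIOS_KEY.upper():
                hits[SIG_BIOS].append(value)
        elif op == "NtSetInformationThread":
            m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
            if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits[SIG_HIDE].append(pid)
        elif op == "WriteFile":
            written.add(arg.lower())
        elif op == "CreateProcess":
            # Only execution of a file the trace shows being written first counts;
            # spawning a system binary such as cmd.exe does not.
            if arg.lower() in written:
                hits[SIG_DROPPED].append(arg)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

The dropped-EXE rule is stateful on purpose: a bare `CreateProcess` is not evidence of anything, so the rule requires that the same trace shows the executed path being written earlier. The ACPI rule matches on key prefix so that value reads beneath the `VBOX__` keys also fire.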