General
Target: 32a9dd8f5a9dffca05382771e65444702966fd139c94580d8dbaa948ba003189
Size: 1.8MB
Sample: 220809-f1lnwsfce4
MD5: 5a2e98544760420372656086638a96ff
SHA1: d2456c49fb15ccac60a7a3d0a22c30345b3b600e
SHA256: 32a9dd8f5a9dffca05382771e65444702966fd139c94580d8dbaa948ba003189
SHA512: 7098440cbbe69a6a929b11cd197ae05822e39de4633be7264d9b5d3895205453b64871b24c7b9fa20d06495349a8f66952d52a7053b69608b88b9766d5e4cbd3
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger