General
Target: faf45c7ecc48f5c6d47c61d1a18ae5989d4c23031bac9f070e876168c6370847
Size: 1.8MB
Sample: 220809-f2d1fadecl
MD5: 6287a01eb7310062f81fdb8dfe110d69
SHA1: db9bd6985626ea8507a404d49db2ddd1dc349634
SHA256: faf45c7ecc48f5c6d47c61d1a18ae5989d4c23031bac9f070e876168c6370847
SHA512: b6c37b0b06e8ecd4db978855fee92f72d61306b591894b735080ed59c0e7f03ccf2df377d1789e485fec04252a97c20827e7ec6965863be96719b722e1f964cd
Static task: static1
Malware Config
Targets
Target: faf45c7ecc48f5c6d47c61d1a18ae5989d4c23031bac9f070e876168c6370847 (1.8MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM): VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT with the vendor name VBOX__; a sample that opens those keys is almost always checking whether it runs inside a VM before unpacking or executing its payload.
- Executes dropped EXE: the sample wrote an executable to disk and then launched it (the dropped path is not recorded here).
- Checks BIOS information in registry: BIOS information (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, because hypervisors report vendor strings such as VBOX, VMware or BOCHS there.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with ThreadInformationClass ThreadHideFromDebugger (0x11) stops the thread from delivering debug events to an attached debugger, a well-known anti-debugging technique; combined with the two registry checks above it indicates the sample actively resists analysis.
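To make the four flagged behaviours concrete, the following added example (not part of the sandbox report, and not the sandbox's own signature engine) runs a small behaviour-signature matcher over a constructed API trace. The trace line format, the helper names and the dropped file path are this example's assumptions; the registry locations and the ThreadHideFromDebugger class value are the well-known ones the report's signatures refer to.

```python
"""Toy behaviour-signature matcher for the four sandbox signatures above.

Added example with a constructed API trace; not the report's own code.
Trace line format (assumed): "<pid> <api>(<arg>=<value>, ...)".
"""
import re

# Registry locations a sample reads to recognise VirtualBox / a sandbox.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_KEY_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion",
               "SystemManufacturer", "SystemProductName"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass for NtSetInformationThread

# Signature names exactly as the report lists them.
SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_DROP = "Executes dropped EXE"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Constructed trace (not from the report); the dropped path is invented.
SAMPLE_TRACE = """\
1234 RegOpenKeyExW(key=HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__)
1234 RegQueryValueExW(key=HKLM\\HARDWARE\\DESCRIPTION\\System, value=SystemBiosVersion)
1234 NtWriteFile(path=C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe)
1234 NtSetInformationThread(class=0x11)
1234 CreateProcessW(path=C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe)
1234 RegOpenKeyExW(key=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)
"""

CALL_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>.*)\)$")


def parse_call(line):
    """Parse one trace line into {pid, api, args}; None if it does not match."""
    m = CALL_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for part in m.group("args").split(", "):
        if "=" in part:
            k, v = part.split("=", 1)
            args[k] = v
    return {"pid": int(m.group("pid")), "api": m.group("api"), "args": args}


def match_signatures(trace):
    """Return the sorted list of signature names triggered by the trace."""
    hits = set()
    dropped = set()  # paths the process wrote, so a later launch counts as "dropped EXE"
    for line in trace.splitlines():
        call = parse_call(line)
        if call is None:
            continue
        api, a = call["api"], call["args"]
        key = a.get("key", "")
        path = a.get("path", "").lower()

        # Anti-VM: any registry access to the VirtualBox ACPI table keys.
        if api.startswith("Reg") and VBOX_ACPI_RE.match(key):
            hits.add(SIG_VBOX)
        # Sandbox check: reading BIOS vendor/version values.
        if api == "RegQueryValueExW" and BIOS_KEY_RE.match(key) \
                and a.get("value") in BIOS_VALUES:
            hits.add(SIG_BIOS)
        # Anti-debug: ThreadHideFromDebugger (0x11) passed to NtSetInformationThread.
        if api == "NtSetInformationThread" \
                and int(a.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
            hits.add(SIG_HIDE)
        # Dropped EXE: a file this process wrote is later started as a process.
        if api == "NtWriteFile":
            dropped.add(path)
        if api == "CreateProcessW" and path.endswith(".exe") and path in dropped:
            hits.add(SIG_DROP)
    return sorted(hits)


if __name__ == "__main__":
    for sig in match_signatures(SAMPLE_TRACE):
        print("-", sig)
```

Real sandboxes derive these signatures from API hooks or kernel tracing rather than a text log, and the rules are heuristics: a legitimate installer also writes and runs an EXE, and inventory tools read BIOS values, so each hit is evidence to weigh, not proof on its own. The combination seen in this report (VM detection, BIOS inspection and debugger hiding before running a dropped binary) is what makes the verdict suspicious.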