General
- Target: f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d
- Size: 1.8MB
- Sample: 220809-f2vyysfcg2
- MD5: 52fde15554cdda967fca765be4c3d0d4
- SHA1: f8a0ca4786e34dea88d47295c60e5f9421ae1a04
- SHA256: f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d
- SHA512: db948a6647e53a9bbd793d8cf80d05873b0e3f4f3355ad7240171cc4e40bae18d2aeca83061b880774cb5d2b9c086fd1e031f3c2c09b3067daad539006b77161
Static task: static1
Malware Config
Targets
- Target: f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d
- Size: 1.8MB
- MD5: 52fde15554cdda967fca765be4c3d0d4
- SHA1: f8a0ca4786e34dea88d47295c60e5f9421ae1a04
- SHA256: f96d8621bf8830f2ce8d216e5abee90419e5a5760f3cfaa220ba46a0bda5d87d
- SHA512: db948a6647e53a9bbd793d8cf80d05873b0e3f4f3355ad7240171cc4e40bae18d2aeca83061b880774cb5d2b9c086fd1e031f3c2c09b3067daad539006b77161
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger