General
Target: efd0988cb5a3516b25d2ebe89481e83326e8e3d057b121f710c114caaa4abc68
Size: 1.8MB
Sample: 220809-f39thafch5
MD5: 9fc6cc266ed0b4d02189f62f10d9dbed
SHA1: 7adf72d438cd7b1bf5a38b9f8ab9bf83dccec5d1
SHA256: efd0988cb5a3516b25d2ebe89481e83326e8e3d057b121f710c114caaa4abc68
SHA512: 611e9e22a38752d480771f3c7c19fa6e9439cfc3d03b8af11a68b37ae7b0c671805c1b5ed3957fdeb241e200fbd78444319cd8127d923d674de9bf7636133839
Static task: static1

Malware Config

Targets
Target: efd0988cb5a3516b25d2ebe89481e83326e8e3d057b121f710c114caaa4abc68
Size: 1.8MB
MD5: 9fc6cc266ed0b4d02189f62f10d9dbed
SHA1: 7adf72d438cd7b1bf5a38b9f8ab9bf83dccec5d1
SHA256: efd0988cb5a3516b25d2ebe89481e83326e8e3d057b121f710c114caaa4abc68
SHA512: 611e9e22a38752d480771f3c7c19fa6e9439cfc3d03b8af11a68b37ae7b0c671805c1b5ed3957fdeb241e200fbd78444319cd8127d923d674de9bf7636133839

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger