General
Target: 23c781cb78694a2e628d489c1b01a9e5db64bbd5a6fcbb04ddaf20c0d0586539
Size: 1.8MB
Sample: 220809-f3w8eafch3
MD5: abb4212bc15517a49fa413e6b229be11
SHA1: b932db497fd8b825c1802073a72d3e636693582d
SHA256: 23c781cb78694a2e628d489c1b01a9e5db64bbd5a6fcbb04ddaf20c0d0586539
SHA512: ca5376414821b9a0aeb4cc4dcfc62c84609116fc4da3dc9a4f09cd15c1f3dad98c62432dcb23f8d74b55099e42266cea37bdb681a513e655ead0e717cc43d9b7
Static task
static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger