General
Target: 4102cc63466a673a1aa9268468b7e03f8931da0171169b6db114f8d5bbda7763
Size: 1.8MB
Sample: 220809-f4hfmsfch6
MD5: 8ff02f587a055a2687b0888e28fc4471
SHA1: dd303b5a6f543d633df0df13650286ae66185ece
SHA256: 4102cc63466a673a1aa9268468b7e03f8931da0171169b6db114f8d5bbda7763
SHA512: 6edfefda766e754567dbc84d9d0b78d91515906ce86ba41fecb952535f85f8e670838d5cfebf94153a06c7b5f4e925367a264de98fac07c00430b63358782516
Static task: static1
Malware Config
Targets
Target: 4102cc63466a673a1aa9268468b7e03f8931da0171169b6db114f8d5bbda7763
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger (the ThreadHideFromDebugger information class stops a debugger from receiving events for the thread, a common anti-debugging technique)