General
- Target: b0c8932726e7ae5e6f85b078f19980c4e2e5834e9446ff74e73a5b435b0def98
- Size: 1.8MB
- Sample: 220809-f5syrsdegl
- MD5: 2d6de08a2e114be301be2c3ca6029366
- SHA1: 5a7eb1f7670fb02608b6e501c7a520d7a0299252
- SHA256: b0c8932726e7ae5e6f85b078f19980c4e2e5834e9446ff74e73a5b435b0def98
- SHA512: 6b36520b23639e268c542581c376c64b5eccd750918cbbe5d3822715f0702138bf94118259fb6ab554c4f3d1b7c5ad4a0bb0af06ceee7f6e1bc5c9b3f09d9c6a
Static task: static1
Malware Config
Targets
- Target: b0c8932726e7ae5e6f85b078f19980c4e2e5834e9446ff74e73a5b435b0def98 (same sample as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger