General
Target: b49eb2976690e5b935af8e2ce8792da99b51c8596759e7bc72f526d5fb8d9bad
Size: 1.8MB
Sample: 220809-f79z3afdd3
MD5: 4a6392d48f39fd32688100133f63858b
SHA1: d4840c47a5546fd7d0d43948dcc4f9df78f1ae2b
SHA256: b49eb2976690e5b935af8e2ce8792da99b51c8596759e7bc72f526d5fb8d9bad
SHA512: aae9aeebe2ec5238867a7a998e19eb23c56e7bcac7f3732578755918bfbe909dd580d33df073c3c7372a3cb04fe431ed9e52b51c2de8076bdda666ad3b31bf9d
Static task
static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger