General
-
Target
603e73cbc7de5a94b8846112829ba094ceb7649a907864304e6cf288ef8635cf
-
Size
1.8MB
-
Sample
220809-f7gnhsdfar
-
MD5
69453c4c67c6c4151d31ca3d272eb1b1
-
SHA1
908a67c029f25e166298cfe257da5f1c32d71684
-
SHA256
603e73cbc7de5a94b8846112829ba094ceb7649a907864304e6cf288ef8635cf
-
SHA512
3b9f62e7750e30e2090117f6df1a76a5850049e90522e7749210af53b5da1716523867578bf3d1834b06bcc6ce85d447ecbd4045b10bb60657f9ce80ef70e2a1
Static task
static1
Malware Config
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-