General
- Target: b4b7b1b95b9bb1815f102bbbdc23f77b0664280d14f55a16eb5bc4652fba903b
- Size: 1.8MB
- Sample: 220809-fz2nqafcd5
- MD5: f58b6b797c23a456405c71f40b411499
- SHA1: 5886a152dd8e90bfd8339e3a5042e6f8206f0017
- SHA256: b4b7b1b95b9bb1815f102bbbdc23f77b0664280d14f55a16eb5bc4652fba903b
- SHA512: d789f5ee6696a634bfec8a26a027c57c013fc50f6cb661c4c56ebfe558d48dd2b11315c60d755fa129d754bf08319861f6195091ff1f64661afe26eb53a7a19b
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger