General
- Target: 642ebca59dcce370c97de5403c0f45733262835f865feb726febc368abd3eb51
- Size: 6.5MB
- Sample: 220810-p6x4jscch9
- MD5: 3f9efa029373f78994ff5931925aee7b
- SHA1: 841625319664e4a285521d0ad060d7caa2e8e367
- SHA256: 642ebca59dcce370c97de5403c0f45733262835f865feb726febc368abd3eb51
- SHA512: 004c5648431dfaed9dc4d93583bad67f30a42b48972e7f306743ab4d1afb3cda0c176d081008e866df36eaeec1e02e45d41884ea4fb473120b345fd6eb1d495d
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger