General
- Target: 4e82ab80f2b02acdb211bbc4f59171a81de7bcbf8971164d42a680ae15664f41
- Size: 1.8MB
- Sample: 221003-galfwahhb4
- MD5: 1427adf0c942e4bfa97b92dfa641d8b5
- SHA1: 2c7c1669db026fc670c2c3a50735d8026fada29e
- SHA256: 4e82ab80f2b02acdb211bbc4f59171a81de7bcbf8971164d42a680ae15664f41
- SHA512: 759d2631630f895eeb88ef5794c22d12a925fe61027390d4b37c7c44d134f5e6597401fc8a7c77817c52edf27a90fc797a6a8bd00f2aa9f9df6179a2e2857c95
- SSDEEP: 49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Suspicious use of NtSetInformationThreadHideFromDebugger