General
Target: BIHBXRSIVW.rCJ.dll
Size: 14.5MB
Sample: 230317-w8w3lahe67
MD5: 9c10a526a73893354ffda1070e3c438f
SHA1: ce854ebd481c03df98625619bcc258614fc19515
SHA256: 9fc52a3f3062b09ef6fe25ceeead5bcf3f80c712e8468fe887a57fbe19884b2c
SHA512: 56f8cdfb10cbe024842390b7878e6cc83f4c644942d3785711310583c25499111e6427e1cb6954b17edf6db1ca9275d1e823ac5b32decfd62bddc13f1d624466
SSDEEP: 393216:y1+g8B3BQ6lV7Vb3LBgTovVLRAsDEI3mtPuQTC35BeI:y1Vs3BQmBFiMVLRAsYI3OGx
Behavioral task
behavioral1
Sample: BIHBXRSIVW.rCJ.dll
Resource: win7-20230220-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger