General
- Target: c61f9a9059f8b8bd0e69f7df4cb09786
- Size: 3.5MB
- Sample: 220505-jeng5sfde5
- MD5: c61f9a9059f8b8bd0e69f7df4cb09786
- SHA1: 70fffde0debf4559859617d49dc48c54df3c156d
- SHA256: 84a5a26f1748c3ad1f0b98c438908e8dc842eacc6390484527ee1fe7e56264f5
- SHA512: 6a838d9663517e1f89bf47f9ba85b72cd431f0d61c4db97e69516ffa313d8bdfc9f619eb51ead5215786e523b43cde3186300cf3bfab7408d580c66cd7d00453
Static task: static1
Behavioral task: behavioral1
- Sample: c61f9a9059f8b8bd0e69f7df4cb09786.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: c61f9a9059f8b8bd0e69f7df4cb09786
- Size: 3.5MB
- MD5: c61f9a9059f8b8bd0e69f7df4cb09786
- SHA1: 70fffde0debf4559859617d49dc48c54df3c156d
- SHA256: 84a5a26f1748c3ad1f0b98c438908e8dc842eacc6390484527ee1fe7e56264f5
- SHA512: 6a838d9663517e1f89bf47f9ba85b72cd431f0d61c4db97e69516ffa313d8bdfc9f619eb51ead5215786e523b43cde3186300cf3bfab7408d580c66cd7d00453
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox exposes ACPI tables with the OEM ID "VBOX__", which Windows records under HKLM\HARDWARE\ACPI\; reading those keys is a common check for running inside a VM.
- Checks BIOS information in registry
  BIOS information (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  SetThreadContext redirects a thread's execution; calling it on a thread of another process, typically after writing code into that process, is the pattern behind process hollowing and thread hijacking.
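The four signatures above are behavioural rules evaluated over the sample's API trace. The following is an added example, not the sandbox's own signature engine and not code from the analysed sample: it replays a constructed, hypothetical API trace of (pid, api, args) tuples and reports which signature each event triggers. The registry paths and IP-lookup hosts are the well-known indicators such rules key on; the trace events, PIDs and argument names are invented for illustration.

```python
"""Classify sandbox API-trace events into the four behaviour signatures above.

Added example: not the sandbox's signature engine and not the sample's code.
Trace shape (pid, api, args) and every event in SAMPLE_TRACE are constructed.
"""
import re

# Registry keys VirtualBox exposes through its ACPI tables (OEM ID "VBOX__").
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)

# BIOS strings that VM/sandbox checks compare against hypervisor vendor names.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}

# Legitimate "what is my IP" services commonly contacted by malware.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com",
                   "checkip.dyndns.org", "ipinfo.io"}

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_IP = "Looks up external IP address via web service"
SIG_CTX = "Suspicious use of SetThreadContext"


def host_of(url):
    """Extract the lowercase host from an http(s) URL, or '' if not a URL."""
    m = re.match(r"https?://([^/:]+)", url, re.I)
    return m.group(1).lower() if m else ""


def classify(trace):
    """Return {signature: [event indexes]} for a list of (pid, api, args) tuples."""
    hits = {}
    # Remember which remote processes each pid wrote into, so that a later
    # SetThreadContext on one of their threads is read as injection, not debugging.
    wrote_into = {}
    for i, (pid, api, args) in enumerate(trace):
        sig = None
        if api in ("RegOpenKeyExW", "RegOpenKeyExA"):
            if VBOX_ACPI_RE.search(args.get("key", "")):
                sig = SIG_VBOX
        elif api in ("RegQueryValueExW", "RegQueryValueExA"):
            if (BIOS_KEY_RE.search(args.get("key", ""))
                    and args.get("value", "").lower() in BIOS_VALUES):
                sig = SIG_BIOS
        elif api in ("InternetOpenUrlW", "InternetOpenUrlA"):
            if host_of(args.get("url", "")) in IP_LOOKUP_HOSTS:
                sig = SIG_IP
        elif api == "WriteProcessMemory":
            wrote_into.setdefault(pid, set()).add(args["target_pid"])
        elif api == "SetThreadContext":
            # Context change on a thread owned by another process that the caller
            # already wrote code into: the hollowing / thread-hijack pattern.
            # SetThreadContext on the caller's own threads is benign and ignored.
            target = args["thread_owner_pid"]
            if target != pid and target in wrote_into.get(pid, set()):
                sig = SIG_CTX
        if sig:
            hits.setdefault(sig, []).append(i)
    return hits


# Constructed trace (hypothetical PIDs and calls, for illustration only).
SAMPLE_TRACE = [
    (1000, "RegOpenKeyExW", {"key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    (1000, "RegQueryValueExW", {"key": r"HKLM\HARDWARE\DESCRIPTION\System",
                                "value": "SystemBiosVersion"}),
    (1000, "RegQueryValueExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
                                "value": "ProductName"}),  # ordinary query, not flagged
    (1000, "InternetOpenUrlW", {"url": "http://api.ipify.org/"}),
    (1000, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe",
                              "flags": "CREATE_SUSPENDED", "new_pid": 2000}),
    (1000, "WriteProcessMemory", {"target_pid": 2000}),
    (1000, "SetThreadContext", {"thread_owner_pid": 2000}),  # flagged: remote, after write
    (1000, "SetThreadContext", {"thread_owner_pid": 1000}),  # own thread: not flagged
    (1000, "ResumeThread", {"thread_owner_pid": 2000}),
]

if __name__ == "__main__":
    for sig, idx in classify(SAMPLE_TRACE).items():
        print(f"{sig}: events {idx}")
```

The SetThreadContext rule deliberately requires a prior WriteProcessMemory into the same target process; without that correlation the signature fires on debuggers and on legitimate own-thread context changes, which is why the sandbox labels the raw call only as "suspicious" rather than as confirmed injection.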