General
-
Target
1395c85edc7fff39e6520034f13786a7.exe
-
Size
2.2MB
-
Sample
210122-81svt56s1n
-
MD5
1395c85edc7fff39e6520034f13786a7
-
SHA1
9832f46048a23417445a4e17d2a9bda67fd75133
-
SHA256
f72fb6e625e6fd9abefcd97b18d9d386b8c6e7f2910dc87e6a7562147b0f589b
-
SHA512
f01cf57a4850894599d742652f51442a03d74432502338f418bda954835feb2d325fb4d95982c837d3f7ca3cb2e055803f4adb1309e7d6b7c40dfb645c912393
Malware Config
Targets
-
-
Target
1395c85edc7fff39e6520034f13786a7.exe
-
Size
2.2MB
-
MD5
1395c85edc7fff39e6520034f13786a7
-
SHA1
9832f46048a23417445a4e17d2a9bda67fd75133
-
SHA256
f72fb6e625e6fd9abefcd97b18d9d386b8c6e7f2910dc87e6a7562147b0f589b
-
SHA512
f01cf57a4850894599d742652f51442a03d74432502338f418bda954835feb2d325fb4d95982c837d3f7ca3cb2e055803f4adb1309e7d6b7c40dfb645c912393
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-