General
-
Target
SecuriteInfo.com.Variant.Razy.945356.15791.15020
-
Size
3.0MB
-
Sample
210926-xs8xwsfcd3
-
MD5
4d16d5c87a59de89bc4c2e4c8e35f87d
-
SHA1
92ce5bf5e0caba22bfc7a2733355627c4fe363c7
-
SHA256
f7ed4e6663e464417a8c11a641c2935ca324ad6c4aaa418a323991cd9bff70e1
-
SHA512
ed4f3fbe817f2cf244b076b7cde6c8f29bb02bf79bbcb98a136c7f2ca9fbdb7e427064d3b4aa15d72b4d05d01c68dba83638420e9e1563d218ef15d65f90fd02
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Variant.Razy.945356.15791.15020
-
Size
3.0MB
-
MD5
4d16d5c87a59de89bc4c2e4c8e35f87d
-
SHA1
92ce5bf5e0caba22bfc7a2733355627c4fe363c7
-
SHA256
f7ed4e6663e464417a8c11a641c2935ca324ad6c4aaa418a323991cd9bff70e1
-
SHA512
ed4f3fbe817f2cf244b076b7cde6c8f29bb02bf79bbcb98a136c7f2ca9fbdb7e427064d3b4aa15d72b4d05d01c68dba83638420e9e1563d218ef15d65f90fd02
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-