General
-
Target
Etabs_v18_kg.exe
-
Size
2.6MB
-
Sample
210926-yz9y7sfcbl
-
MD5
d184a76d23578380113625d695110c69
-
SHA1
01dcba88f50fed6c33e060fa49e96a62620b8570
-
SHA256
8f63908b52eab6e8edb2d3453dedb2b2a99f8c24187286df9853c3de1a47cba0
-
SHA512
5a88afbfb82d6055d1de99b8516f4b8dc5fab094c793944ff18c5175c4d66012a78e35eaf1fd9d9b701d185b141a36740ef04437aed88ae5783a27defdcad8c9
Malware Config
Targets
-
-
Target
Etabs_v18_kg.exe
-
Size
2.6MB
-
MD5
d184a76d23578380113625d695110c69
-
SHA1
01dcba88f50fed6c33e060fa49e96a62620b8570
-
SHA256
8f63908b52eab6e8edb2d3453dedb2b2a99f8c24187286df9853c3de1a47cba0
-
SHA512
5a88afbfb82d6055d1de99b8516f4b8dc5fab094c793944ff18c5175c4d66012a78e35eaf1fd9d9b701d185b141a36740ef04437aed88ae5783a27defdcad8c9
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-