General
-
Target
b9eaccc08354ea1facf68d79208f7e86
-
Size
2.7MB
-
Sample
220107-ml4pgscegn
-
MD5
b9eaccc08354ea1facf68d79208f7e86
-
SHA1
3360ba7ced490f91ba853db45abd06c0706bd30e
-
SHA256
fc43539357046ee0f79668dcff7302b96510907576150ce12b40878942913d16
-
SHA512
f7f0e21eb218a794dd19ec57ab377e3a369c5958c08178dfbde8caeb7d0a7007fd7881ea94e26aa2a01dad654172c2a2706fda9e243557bad1a397e90f2d4c66
Malware Config
Targets
-
-
Target
b9eaccc08354ea1facf68d79208f7e86
-
Size
2.7MB
-
MD5
b9eaccc08354ea1facf68d79208f7e86
-
SHA1
3360ba7ced490f91ba853db45abd06c0706bd30e
-
SHA256
fc43539357046ee0f79668dcff7302b96510907576150ce12b40878942913d16
-
SHA512
f7f0e21eb218a794dd19ec57ab377e3a369c5958c08178dfbde8caeb7d0a7007fd7881ea94e26aa2a01dad654172c2a2706fda9e243557bad1a397e90f2d4c66
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-