General
-
Target
60993129337e1a1f07964c4a34bee86292cd508e7a02d49ba1ca119fd02203f8
-
Size
3.3MB
-
Sample
220120-j8a4xahaam
-
MD5
aa7e600161d7614b3e08d40494f2d4bc
-
SHA1
9d3780e0e0d6413711b2440cf6da6ce7cf79e1f2
-
SHA256
60993129337e1a1f07964c4a34bee86292cd508e7a02d49ba1ca119fd02203f8
-
SHA512
b3b14ac946177913539f36f4a1e137d59d82e596b91bcbbd1329405080ae181ae804423ba88087012405525db2665a93fc569a237884840c8e8854a5b61b524f
Malware Config
Targets
-
-
Target
60993129337e1a1f07964c4a34bee86292cd508e7a02d49ba1ca119fd02203f8
-
Size
3.3MB
-
MD5
aa7e600161d7614b3e08d40494f2d4bc
-
SHA1
9d3780e0e0d6413711b2440cf6da6ce7cf79e1f2
-
SHA256
60993129337e1a1f07964c4a34bee86292cd508e7a02d49ba1ca119fd02203f8
-
SHA512
b3b14ac946177913539f36f4a1e137d59d82e596b91bcbbd1329405080ae181ae804423ba88087012405525db2665a93fc569a237884840c8e8854a5b61b524f
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-