General
-
Target
bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db
-
Size
2.7MB
-
Sample
220215-g9h5ssdbfr
-
MD5
33944a9e78b81f8daf8589fde57a6ab0
-
SHA1
4f26c57770dc8745e7b31e973ed9bd810f9dd34f
-
SHA256
bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db
-
SHA512
1ff156a3817a3fba52de59b7243bb8fd5a6fc5d7c1405c8c44fcd5cad01053cc739579b8f57a56c87914a1cfb6effe5e465c069f4c7b9009062af3af26d4ffd3
Malware Config
Targets
-
-
Target
bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db
-
Size
2.7MB
-
MD5
33944a9e78b81f8daf8589fde57a6ab0
-
SHA1
4f26c57770dc8745e7b31e973ed9bd810f9dd34f
-
SHA256
bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db
-
SHA512
1ff156a3817a3fba52de59b7243bb8fd5a6fc5d7c1405c8c44fcd5cad01053cc739579b8f57a56c87914a1cfb6effe5e465c069f4c7b9009062af3af26d4ffd3
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-