General
-
Target
d265e1bb7e63c43992262eebfe6691b5e440fdc30f0c7c557a858dca3474c7f6
-
Size
3.3MB
-
Sample
220215-gkr2eabdh8
-
MD5
79135abf1fbb56fab3f4215db894aa7b
-
SHA1
b06079cd3ca2a7d1ff64d3b4492dc1587d92bdb1
-
SHA256
d265e1bb7e63c43992262eebfe6691b5e440fdc30f0c7c557a858dca3474c7f6
-
SHA512
59556fe24c689331983c89f406c7f90fdefc5db4effa6b147b468ae1544dcf9b7a62c30c1c33ae917bf14cfff88f2ea0a9460223b69f54fb992b8ad8050f32bc
Malware Config
Targets
-
-
Target
d265e1bb7e63c43992262eebfe6691b5e440fdc30f0c7c557a858dca3474c7f6
-
Size
3.3MB
-
MD5
79135abf1fbb56fab3f4215db894aa7b
-
SHA1
b06079cd3ca2a7d1ff64d3b4492dc1587d92bdb1
-
SHA256
d265e1bb7e63c43992262eebfe6691b5e440fdc30f0c7c557a858dca3474c7f6
-
SHA512
59556fe24c689331983c89f406c7f90fdefc5db4effa6b147b468ae1544dcf9b7a62c30c1c33ae917bf14cfff88f2ea0a9460223b69f54fb992b8ad8050f32bc
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-