General
-
Target
91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758
-
Size
2.9MB
-
Sample
220215-jz2khacfa9
-
MD5
167d1f7c7288ab824af9c18a09145102
-
SHA1
e0eb15a2897c257a1af93047e49e45999d859fe5
-
SHA256
91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758
-
SHA512
dd34ee7be017fdb72ce9ac416784196588d7cee711401af377e534a302f994ae10de0311e41e9d286ace1d1fb86b45e3c6e87066868a1ae26cb3e8fa5e9a1d11
Malware Config
Targets
-
-
Target
91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758
-
Size
2.9MB
-
MD5
167d1f7c7288ab824af9c18a09145102
-
SHA1
e0eb15a2897c257a1af93047e49e45999d859fe5
-
SHA256
91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758
-
SHA512
dd34ee7be017fdb72ce9ac416784196588d7cee711401af377e534a302f994ae10de0311e41e9d286ace1d1fb86b45e3c6e87066868a1ae26cb3e8fa5e9a1d11
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-