General
-
Target
0b30f80f1a4302af74f78328ea9fd9ad265f9c8b3ff72cb0c6a78fb3374ca1a9
-
Size
2.7MB
-
Sample
220215-s6w32ahham
-
MD5
a5b12ab8a3fc98d4ed6d6f9becedca61
-
SHA1
1e291df778dfc18fd8e1036f2e224263f8997024
-
SHA256
0b30f80f1a4302af74f78328ea9fd9ad265f9c8b3ff72cb0c6a78fb3374ca1a9
-
SHA512
526ac2778cacd14d54ad2831a1893e94580d09fd2678aaa4a47d9a93948c73d33e0618168604b7c27056a1487a49ffe931248f1592591573feec4f1ee8cdebf9
Malware Config
Targets
-
-
Target
0b30f80f1a4302af74f78328ea9fd9ad265f9c8b3ff72cb0c6a78fb3374ca1a9
-
Size
2.7MB
-
MD5
a5b12ab8a3fc98d4ed6d6f9becedca61
-
SHA1
1e291df778dfc18fd8e1036f2e224263f8997024
-
SHA256
0b30f80f1a4302af74f78328ea9fd9ad265f9c8b3ff72cb0c6a78fb3374ca1a9
-
SHA512
526ac2778cacd14d54ad2831a1893e94580d09fd2678aaa4a47d9a93948c73d33e0618168604b7c27056a1487a49ffe931248f1592591573feec4f1ee8cdebf9
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-