General
-
Target
21a8f01c939e887621a2e3b25ab165a135a842a695fbaec75a1cf13a67fabd37
-
Size
3.4MB
-
Sample
220215-sd17aagbh2
-
MD5
7353d83c321cb341abed242c33856850
-
SHA1
10207907f7cc70fc0735c0415f21590775fff835
-
SHA256
21a8f01c939e887621a2e3b25ab165a135a842a695fbaec75a1cf13a67fabd37
-
SHA512
275e19eaad5bdd067694d96e5bfe5e27079b6bfd8953ce3519fa5cb80a8b62add21c453a81a9bf7845dad0801871297db2d3de740ef8c74ef718faef5430544c
Malware Config
Targets
-
-
Target
21a8f01c939e887621a2e3b25ab165a135a842a695fbaec75a1cf13a67fabd37
-
Size
3.4MB
-
MD5
7353d83c321cb341abed242c33856850
-
SHA1
10207907f7cc70fc0735c0415f21590775fff835
-
SHA256
21a8f01c939e887621a2e3b25ab165a135a842a695fbaec75a1cf13a67fabd37
-
SHA512
275e19eaad5bdd067694d96e5bfe5e27079b6bfd8953ce3519fa5cb80a8b62add21c453a81a9bf7845dad0801871297db2d3de740ef8c74ef718faef5430544c
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-