General
-
Target
15.dll
-
Size
3.7MB
-
Sample
220510-pp1hcabehk
-
MD5
8c85cc84e654fa7d4222e8c68dff334f
-
SHA1
9d8a1d0e1854d2f39e012b39df4651cb11663ca4
-
SHA256
897bf7aaeee44df44e04fb6b0a276d0be76298569252fe157a39d6071a17631c
-
SHA512
d0e57b9617c9decab2542b4eec79da7191c4e381d4915b2ce5aa6ab71f1e7b7b8597869563a9219ca1b6fe177e50e392e2d44cf835f9f012d5b129b736f18d7e
Static task
static1
Behavioral task
behavioral1
Sample
15.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
15.dll
Resource
win10v2004-20220414-en
Malware Config
Extracted
bumblebee
23.82.128.149:443
108.62.12.203:443
-
group_id
mc405
BLACK
Targets
-
-
Target
15.dll
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-