General
-
Target
7cbc9dc1c84350304115da4fe2ec495c8165e2dafc734fd0f022acc5ba4ffef7
-
Size
9.9MB
-
Sample
220511-3b21xafdcp
-
MD5
fc79ef37b31c9e4474a6fc0518f7ba41
-
SHA1
1c2afb8494ab9a869570c23efafadf88417eac8c
-
SHA256
7cbc9dc1c84350304115da4fe2ec495c8165e2dafc734fd0f022acc5ba4ffef7
-
SHA512
cc3bad07d87eb97bcc2b16a97a27c8537128a6c8eef9a6846ab136d3028b3b42e9c6fbdaf520b3e841055bb16ca16e7bb67d9fe995a51aa2188a376fb3e61cb3
Malware Config
Targets
-
-
Target
7cbc9dc1c84350304115da4fe2ec495c8165e2dafc734fd0f022acc5ba4ffef7
-
Size
9.9MB
-
MD5
fc79ef37b31c9e4474a6fc0518f7ba41
-
SHA1
1c2afb8494ab9a869570c23efafadf88417eac8c
-
SHA256
7cbc9dc1c84350304115da4fe2ec495c8165e2dafc734fd0f022acc5ba4ffef7
-
SHA512
cc3bad07d87eb97bcc2b16a97a27c8537128a6c8eef9a6846ab136d3028b3b42e9c6fbdaf520b3e841055bb16ca16e7bb67d9fe995a51aa2188a376fb3e61cb3
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-