General
-
Target
627b7a13e4b0d5c47958d2e3.exe
-
Size
13.9MB
-
Sample
220511-qm2hasged2
-
MD5
cf0b38c9153e2d586b04fd88a82f9682
-
SHA1
745ad6244181b54061cacbebc1e0e39d5f0ae4bb
-
SHA256
0afeddf5d9d31c04ba1e5f3c5ac05cc5db4a232ece3dd2e3d15a1776a14e9993
-
SHA512
9b5cd095afc1295d28c69b4fc2b9bb27f730f90886993532f9f72be1656f613273679536835e265e928dce2d9aebc076bd6c2e166a5e005a404f276d7f91cc3f
Malware Config
Targets
-
-
Target
627b7a13e4b0d5c47958d2e3.exe
-
Size
13.9MB
-
MD5
cf0b38c9153e2d586b04fd88a82f9682
-
SHA1
745ad6244181b54061cacbebc1e0e39d5f0ae4bb
-
SHA256
0afeddf5d9d31c04ba1e5f3c5ac05cc5db4a232ece3dd2e3d15a1776a14e9993
-
SHA512
9b5cd095afc1295d28c69b4fc2b9bb27f730f90886993532f9f72be1656f613273679536835e265e928dce2d9aebc076bd6c2e166a5e005a404f276d7f91cc3f
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-