General
-
Target
oblot.dll
-
Size
1.3MB
-
Sample
220512-zzeczaabg4
-
MD5
38ea4397f1c9dfe79e9accaebe7487ec
-
SHA1
24614b49e47bbdc30263cc86cea8aceb2781f1ed
-
SHA256
281a1cfaebf968012e9596721d14b1bd6429744617e73f96558cb68bcc0db8f8
-
SHA512
3b8d8deb404a52cb43306c8b3275f61efd8092202cf5ac5d86c342664b1673080abb3689f77b5bcc94b88ca10f238eb2dba67161619588e443ca6e04e261399b
Static task
static1
Behavioral task
behavioral1
Sample
oblot.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
oblot.dll
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
oblot.dll
-
Size
1.3MB
-
MD5
38ea4397f1c9dfe79e9accaebe7487ec
-
SHA1
24614b49e47bbdc30263cc86cea8aceb2781f1ed
-
SHA256
281a1cfaebf968012e9596721d14b1bd6429744617e73f96558cb68bcc0db8f8
-
SHA512
3b8d8deb404a52cb43306c8b3275f61efd8092202cf5ac5d86c342664b1673080abb3689f77b5bcc94b88ca10f238eb2dba67161619588e443ca6e04e261399b
Score9/10-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-