General
-
Target
e6967a3e28cc938341c5ca21332c84ec700e33ae632cd0c08dc6bbf16b212f28
-
Size
361KB
-
Sample
220516-fy3vdsefc2
-
MD5
e2eb762d6d248fec5b8af8ab437cfdc2
-
SHA1
c6be1c85d65136e6ce2cc098db499837d2c5ea9e
-
SHA256
e6967a3e28cc938341c5ca21332c84ec700e33ae632cd0c08dc6bbf16b212f28
-
SHA512
0c85ede00a5ae7d0fe5aabfb9b662c6329922e6278bc80b59384234891a1383fe53d7931b9ca7d52ac95a355cd10840a4886a268238e347077d91fb0ba7d3a33
Malware Config
Targets
-
-
Target
e6967a3e28cc938341c5ca21332c84ec700e33ae632cd0c08dc6bbf16b212f28
-
Size
361KB
-
MD5
e2eb762d6d248fec5b8af8ab437cfdc2
-
SHA1
c6be1c85d65136e6ce2cc098db499837d2c5ea9e
-
SHA256
e6967a3e28cc938341c5ca21332c84ec700e33ae632cd0c08dc6bbf16b212f28
-
SHA512
0c85ede00a5ae7d0fe5aabfb9b662c6329922e6278bc80b59384234891a1383fe53d7931b9ca7d52ac95a355cd10840a4886a268238e347077d91fb0ba7d3a33
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-