General
-
Target
e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
-
Size
1.9MB
-
Sample
220520-e5tdvsaaf9
-
MD5
4a1c0fd0dea70de9898517ac5c37d766
-
SHA1
38bea50aa5e4f0693bbebac4c12bbcb469b045b0
-
SHA256
e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
-
SHA512
a3632a5c15a0d5b84e28fc7e2f95a5b73e8f08037c1415682592eceaf9001aa971135cf534a4d039c9bd8854e0c08359ac300a27c429e592879367b7ae83c195
Malware Config
Targets
-
-
Target
e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
-
Size
1.9MB
-
MD5
4a1c0fd0dea70de9898517ac5c37d766
-
SHA1
38bea50aa5e4f0693bbebac4c12bbcb469b045b0
-
SHA256
e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
-
SHA512
a3632a5c15a0d5b84e28fc7e2f95a5b73e8f08037c1415682592eceaf9001aa971135cf534a4d039c9bd8854e0c08359ac300a27c429e592879367b7ae83c195
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-