General
-
Target
c7fcb975f0573e18e1985821f57707eb797a14091295d7acfa10324376dd99f0
-
Size
4.6MB
-
Sample
220521-16l7tsdff2
-
MD5
9a51cf21590842cbacc6d6c1de9d2020
-
SHA1
5ce69d2529442c59b38120434ed0ccc2ec537846
-
SHA256
c7fcb975f0573e18e1985821f57707eb797a14091295d7acfa10324376dd99f0
-
SHA512
4b63510b674878168b53e6bc958321cbc94fb29323c8dafb3c7331547d22bee7e11de8281b0255a233fac4f8f43e726190c95beff861be4edbc99940bb4161cb
Malware Config
Targets
-
-
Target
c7fcb975f0573e18e1985821f57707eb797a14091295d7acfa10324376dd99f0
-
Size
4.6MB
-
MD5
9a51cf21590842cbacc6d6c1de9d2020
-
SHA1
5ce69d2529442c59b38120434ed0ccc2ec537846
-
SHA256
c7fcb975f0573e18e1985821f57707eb797a14091295d7acfa10324376dd99f0
-
SHA512
4b63510b674878168b53e6bc958321cbc94fb29323c8dafb3c7331547d22bee7e11de8281b0255a233fac4f8f43e726190c95beff861be4edbc99940bb4161cb
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-