General
-
Target
0748730a4121bcec3cb58826b96eddb314f8fe09ad85c4e2a1e1065d25fb8885
-
Size
6.7MB
-
Sample
220531-c6sslsfeek
-
MD5
c05c93bb8fd9ec6875e582b48c59eb77
-
SHA1
8240a23fa7a6eb70fed317389030f234abd0e9b6
-
SHA256
0748730a4121bcec3cb58826b96eddb314f8fe09ad85c4e2a1e1065d25fb8885
-
SHA512
df45303a30c3411f4e2f4ef351da042098bbcb913f41392b3f4bc1269a630036d451dc06333457df0503a0b9e848c24ad0b669b0ef259377fcc2504457f14ffc
Malware Config
Targets
-
-
Target
0748730a4121bcec3cb58826b96eddb314f8fe09ad85c4e2a1e1065d25fb8885
-
Size
6.7MB
-
MD5
c05c93bb8fd9ec6875e582b48c59eb77
-
SHA1
8240a23fa7a6eb70fed317389030f234abd0e9b6
-
SHA256
0748730a4121bcec3cb58826b96eddb314f8fe09ad85c4e2a1e1065d25fb8885
-
SHA512
df45303a30c3411f4e2f4ef351da042098bbcb913f41392b3f4bc1269a630036d451dc06333457df0503a0b9e848c24ad0b669b0ef259377fcc2504457f14ffc
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-