General
-
Target
3e80c09e8c838aea42d609ec5a60b9409b0ab3d77d61c3dfdf191a38bc4f721e
-
Size
2.1MB
-
Sample
220701-hy2nfaahb3
-
MD5
afbf38eb9f1cae4703aa9ffc1e37ec65
-
SHA1
6b58fa4ffcfa1198c89cefb846975c8d5263855a
-
SHA256
3e80c09e8c838aea42d609ec5a60b9409b0ab3d77d61c3dfdf191a38bc4f721e
-
SHA512
5e5ec46a1ffbcf41d7f1885384111c163b20814ee1c308d8215511dbb41447d50bf1eec6d3f10261610fea4d4add7f409fd8a286e47f13d3c2a85d723dd09d6e
Malware Config
Targets
-
-
Target
3e80c09e8c838aea42d609ec5a60b9409b0ab3d77d61c3dfdf191a38bc4f721e
-
Size
2.1MB
-
MD5
afbf38eb9f1cae4703aa9ffc1e37ec65
-
SHA1
6b58fa4ffcfa1198c89cefb846975c8d5263855a
-
SHA256
3e80c09e8c838aea42d609ec5a60b9409b0ab3d77d61c3dfdf191a38bc4f721e
-
SHA512
5e5ec46a1ffbcf41d7f1885384111c163b20814ee1c308d8215511dbb41447d50bf1eec6d3f10261610fea4d4add7f409fd8a286e47f13d3c2a85d723dd09d6e
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-