General
-
Target
38e3ff2c1ad395cc854e2b620adc1a0f
-
Size
7.6MB
-
Sample
220701-p717lafbf4
-
MD5
38e3ff2c1ad395cc854e2b620adc1a0f
-
SHA1
ff1f4c054615337476ec558d22c69f578c5a9af2
-
SHA256
49a3b199025018458e69db1fcf9db5b7f9dd1f9e825c5ed94caff4103ad4fa0b
-
SHA512
0bd5b7b8dd03f9099504d6271e2bcd4aac0fd8a24b6097ac71ce33328bf4e7c305183919c40c1a64271eebf48643040ad4d0f0311bcd04a5143f237e39f16d98
Malware Config
Targets
-
-
Target
38e3ff2c1ad395cc854e2b620adc1a0f
-
Size
7.6MB
-
MD5
38e3ff2c1ad395cc854e2b620adc1a0f
-
SHA1
ff1f4c054615337476ec558d22c69f578c5a9af2
-
SHA256
49a3b199025018458e69db1fcf9db5b7f9dd1f9e825c5ed94caff4103ad4fa0b
-
SHA512
0bd5b7b8dd03f9099504d6271e2bcd4aac0fd8a24b6097ac71ce33328bf4e7c305183919c40c1a64271eebf48643040ad4d0f0311bcd04a5143f237e39f16d98
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-