General
-
Target
448f347cb3f88e5ba30b0f8549c8ca5be53914ff235725f084fd1ec357c0bdc3
-
Size
3.3MB
-
Sample
220707-xj9stsfgdp
-
MD5
b750a119d46d0d6525d04a79ddacb7eb
-
SHA1
be559bd5089ba05b96aabef913ff073c514b63cc
-
SHA256
448f347cb3f88e5ba30b0f8549c8ca5be53914ff235725f084fd1ec357c0bdc3
-
SHA512
55019a8d4ead94f4dc630dbe777ced9dd31c8e8752732b9d05c0339c579be619dd66b96778514298824070ac676f6594dd2bf1300d32eb40cca0bd18268b5a87
Malware Config
Targets
-
-
Target
448f347cb3f88e5ba30b0f8549c8ca5be53914ff235725f084fd1ec357c0bdc3
-
Size
3.3MB
-
MD5
b750a119d46d0d6525d04a79ddacb7eb
-
SHA1
be559bd5089ba05b96aabef913ff073c514b63cc
-
SHA256
448f347cb3f88e5ba30b0f8549c8ca5be53914ff235725f084fd1ec357c0bdc3
-
SHA512
55019a8d4ead94f4dc630dbe777ced9dd31c8e8752732b9d05c0339c579be619dd66b96778514298824070ac676f6594dd2bf1300d32eb40cca0bd18268b5a87
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-