General
-
Target
bc41a4fcf3b8dd2ee5c1828b53f3ea8ae8ae6e1decdc665aff985ecce6b8f341
-
Size
8.3MB
-
Sample
220720-rk5bvagcdm
-
MD5
cd470530fc3d2d35f04a225d8134d7cf
-
SHA1
41dcbe4ecc0f1c2b02d5f84e955c9faf2dececa1
-
SHA256
bc41a4fcf3b8dd2ee5c1828b53f3ea8ae8ae6e1decdc665aff985ecce6b8f341
-
SHA512
64eb417aaf812b5bfecee16c4005f987946bbcadb6569ce3fd5e2d8871bfab30653ee12dfc243117dc257f57c738d6bc69d49e342e353b95b1b94524e3805230
Malware Config
Targets
-
-
Target
bc41a4fcf3b8dd2ee5c1828b53f3ea8ae8ae6e1decdc665aff985ecce6b8f341
-
Size
8.3MB
-
MD5
cd470530fc3d2d35f04a225d8134d7cf
-
SHA1
41dcbe4ecc0f1c2b02d5f84e955c9faf2dececa1
-
SHA256
bc41a4fcf3b8dd2ee5c1828b53f3ea8ae8ae6e1decdc665aff985ecce6b8f341
-
SHA512
64eb417aaf812b5bfecee16c4005f987946bbcadb6569ce3fd5e2d8871bfab30653ee12dfc243117dc257f57c738d6bc69d49e342e353b95b1b94524e3805230
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-