General
-
Target
19271a21eecc6fd0a2c0057ea715e9b8f81c53d2052239e3ee25a8893b5d95e7
-
Size
39.3MB
-
Sample
220721-mv42lsehb4
-
MD5
a9eb0ced20bd86d51bb02f2ba9d4a3fd
-
SHA1
1036c06b86135ad9eca7502b8259e29822ba6555
-
SHA256
19271a21eecc6fd0a2c0057ea715e9b8f81c53d2052239e3ee25a8893b5d95e7
-
SHA512
8641ed1cd50f750d3e40a959536e015ea44b902d4d9bc3370ee3f554ee6b42ffbebe50c54a3c313ae88125d0eac63c98b0c94311cdfd72874df636ee19c260b8
Malware Config
Targets
-
-
Target
19271a21eecc6fd0a2c0057ea715e9b8f81c53d2052239e3ee25a8893b5d95e7
-
Size
39.3MB
-
MD5
a9eb0ced20bd86d51bb02f2ba9d4a3fd
-
SHA1
1036c06b86135ad9eca7502b8259e29822ba6555
-
SHA256
19271a21eecc6fd0a2c0057ea715e9b8f81c53d2052239e3ee25a8893b5d95e7
-
SHA512
8641ed1cd50f750d3e40a959536e015ea44b902d4d9bc3370ee3f554ee6b42ffbebe50c54a3c313ae88125d0eac63c98b0c94311cdfd72874df636ee19c260b8
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-