General
-
Target
Bol-080722.zip
-
Size
8.4MB
-
Sample
220721-xgrjgahdf2
-
MD5
39d9d72992e0939fb019a3932ef58ed7
-
SHA1
db646f7f3119cfb7fafbf2df1a259c62170a02c2
-
SHA256
4181b12efba3c61f48ed054af4152e80805a1ed13d50f60ec039f1d628e3b9d9
-
SHA512
793b822a997488b26906fe3ca97690be1b9ae6ea6ebd94703f76dc0d77eaf2b1d0a3ea75fad729bafa3df70480e8a9d9563edc3b2a3637cc46fbdd27fac65b85
Malware Config
Targets
-
-
Target
aspack.dll
-
Size
8.0MB
-
MD5
0e79c52d1fe3697ce106755c01450993
-
SHA1
026c496e59a0ab7cd614ec0520b085ddf2a44c97
-
SHA256
50cf129c7b370e290d28ae4481e2fdb3f71c073ff9a4093abd80ed92ef4db8bf
-
SHA512
5a6ee92b0532e5c74b2ea5cd942bfb83d4c530b6493541325937fca746f02b49f96ff28fecddebda6d97ee1afde265729e618bbf8e715c2cc4295dde09de61b4
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
bol-080722.exe
-
Size
557KB
-
MD5
e33bcdd61d70a1961df2c6d7f0c18351
-
SHA1
958ff5402b7e05be694b00bb760f124b79fe0c7d
-
SHA256
b1aad17f65fbdb5fb75e13a00bd3b1db6e5168f8e4419e57b13fb34dc48c4ba4
-
SHA512
d4bb02140173417986d559b7ab96b3388478a4494ce652ac01e6a84297f86d772408aa6591ace45e75cce589298ee3a9a7864624a25a0cbd7d1ced197bd4946b
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-