General
-
Target
sample
-
Size
1KB
-
Sample
220802-mh3b9afadm
-
MD5
9d90e114e839e220f26dc67641381180
-
SHA1
06963e2e95f3f2f512d848ef0169b8d72bfe18cf
-
SHA256
1599cf392a5a3efae97a43625d54b67ae0dd75b6b36720fa7d6925ac274e04e1
-
SHA512
7169a00cc1e5d6c8c62ade0760af0b3e067c06ad5f5f596e84ccaf993f597f60faea39132268e15f59a02f889f9ef4fcba70b76aa58150d21ee2319a65ec174d
Malware Config
Targets
-
-
Target
sample
-
Size
1KB
-
MD5
9d90e114e839e220f26dc67641381180
-
SHA1
06963e2e95f3f2f512d848ef0169b8d72bfe18cf
-
SHA256
1599cf392a5a3efae97a43625d54b67ae0dd75b6b36720fa7d6925ac274e04e1
-
SHA512
7169a00cc1e5d6c8c62ade0760af0b3e067c06ad5f5f596e84ccaf993f597f60faea39132268e15f59a02f889f9ef4fcba70b76aa58150d21ee2319a65ec174d
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-