General
-
Target
Setup.exe
-
Size
7.3MB
-
Sample
220819-ptf99sgba2
-
MD5
f1c967a3b91f3c7e6f64438cd5c08bd3
-
SHA1
cf6f14bf4c4a2458e290658e71238910c8b54f0d
-
SHA256
bbe77e8a2d371343b317688a63e5200f91e33038c80bddd82b418d85332784b8
-
SHA512
52b84257a7c199fe819ad2fea9e560b24310b382e9864d64885e7307134c4dbdd97cac7ad0e36042811623d8fd7842e68fbfdf52b5d1d975bf5c4420dd6f8d91
-
SSDEEP
196608:O0EcuhyVMAGt0lpKtzrZkXQlc1MdrL6zdjD2dv30o+Z2ESP:ZGdt0lpAZkX8N8djD2J3UZLa
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
7.3MB
-
MD5
f1c967a3b91f3c7e6f64438cd5c08bd3
-
SHA1
cf6f14bf4c4a2458e290658e71238910c8b54f0d
-
SHA256
bbe77e8a2d371343b317688a63e5200f91e33038c80bddd82b418d85332784b8
-
SHA512
52b84257a7c199fe819ad2fea9e560b24310b382e9864d64885e7307134c4dbdd97cac7ad0e36042811623d8fd7842e68fbfdf52b5d1d975bf5c4420dd6f8d91
-
SSDEEP
196608:O0EcuhyVMAGt0lpKtzrZkXQlc1MdrL6zdjD2dv30o+Z2ESP:ZGdt0lpAZkX8N8djD2J3UZLa
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-