General
Target: 65.zip
Size: 9.8MB
Sample: 220925-dy3hhsedal
MD5: b144b58537058fc572d9bcbf668a9ed2
SHA1: 02f6955335085d91177fcf329930465bb301c4bc
SHA256: f1b2df0cdb1576dfe30733fbf2936c5dcc530ea15f60377c0402ca3eec28e039
SHA512: ea5c48378fabd584618e05413a35b2a45b0ad07a31beed5b09b0cdadc83aac52e9191f77441f524d29058e2257d595dfaa608b918be439a6f2edb7026c3032a0
SSDEEP: 196608:0KbwvkBYSQHIhE6wczxbaG1Ysr6LPr14B5shyl+Gyajsuh3bTiZI1MJD6g:0KNYSNzxbaGXMx4B5sh5GHsu5+qCJD1
Malware Config
Targets
Target: 65.zip
Size: 9.8MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General above.)
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM). A VirtualBox guest exposes its ACPI tables (DSDT, FADT, RSDT) under HKLM\HARDWARE\ACPI with the OEM ID "VBOX__"; opening or querying those keys is a common VM-detection check.
- Checks BIOS information in registry. Values under HKLM\HARDWARE\DESCRIPTION\System such as SystemBiosVersion and VideoBiosVersion carry hypervisor vendor strings inside a virtual machine, so BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from generating debug events, so an attached debugger no longer sees its exceptions or breakpoints; this is an anti-debugging technique.
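The four signatures above, re-implemented as an added example that is not part of this report or of the sandbox that produced it. The rules run over a constructed API-call log in a made-up "Api|key=value|..." line format (the sandbox's real output format is different), the sample log lines are constructed for this example, and the list of IP-lookup hosts is an assumption, since the report does not name the service this sample contacted. The registry keys, BIOS value names and the 0x11 information class are the real ones these checks rely on.

```python
from dataclasses import dataclass

# Registry keys a VirtualBox guest exposes: ACPI tables whose OEM ID is "VBOX__".
VBOX_ACPI_KEYS = (
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
)
# BIOS description values that carry hypervisor vendor strings ("VBOX", "VMware", ...).
BIOS_KEY = r"HARDWARE\DESCRIPTION\SYSTEM"
BIOS_VALUES = {"SYSTEMBIOSVERSION", "VIDEOBIOSVERSION", "SYSTEMBIOSDATE"}
# External-IP lookup hosts. Constructed allow-list for this example; the
# report does not say which service the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me",
                   "checkip.dyndns.org", "ip-api.com"}
# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

REGISTRY_APIS = ("regopenkey", "regqueryvalue", "ntopenkey", "ntqueryvaluekey")
HTTP_APIS = ("internetconnect", "winhttpconnect", "httpsendrequest", "winhttpsendrequest")


@dataclass
class ApiCall:
    api: str
    args: dict


def parse_line(line: str) -> ApiCall:
    """Parse one constructed 'Api|key=value|key=value' log line."""
    api, *pairs = line.strip().split("|")
    return ApiCall(api, dict(p.partition("=")[::2] for p in pairs))


def normalise_key(path: str) -> str:
    """Drop the hive prefix so HKLM\\X, HKEY_LOCAL_MACHINE\\X and \\Registry\\Machine\\X compare equal."""
    p = path.upper()
    for prefix in ("HKEY_LOCAL_MACHINE\\", "HKLM\\", "\\REGISTRY\\MACHINE\\"):
        if p.startswith(prefix):
            return p[len(prefix):]
    return p


def match_signatures(calls):
    """Return {signature name: [matching calls]} for the four report signatures."""
    hits = {}
    for c in calls:
        api = c.api.lower()
        if api.startswith(REGISTRY_APIS):
            key = normalise_key(c.args.get("key", ""))
            if key.startswith(VBOX_ACPI_KEYS):
                hits.setdefault("Identifies VirtualBox via ACPI registry values", []).append(c)
            if key.startswith(BIOS_KEY) and c.args.get("value", "").upper() in BIOS_VALUES:
                hits.setdefault("Checks BIOS information in registry", []).append(c)
        elif api.startswith(HTTP_APIS):
            if c.args.get("host", "").lower() in IP_LOOKUP_HOSTS:
                hits.setdefault("Looks up external IP address via web service", []).append(c)
        elif api == "ntsetinformationthread":
            # class may be logged as decimal or hex; int(..., 0) accepts both
            if int(c.args.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits.setdefault("Suspicious use of NtSetInformationThreadHideFromDebugger", []).append(c)
    return hits


def triage(log_text: str) -> dict:
    """Count matching calls per signature over a whole log."""
    calls = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {name: len(evs) for name, evs in match_signatures(calls).items()}


# Constructed sample log: one benign registry read, then one call per
# behaviour the report flags (two BIOS values). Not real sandbox output.
SAMPLE_LOG = r"""
RegQueryValueExW|key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion|value=ProductName
RegOpenKeyExW|key=HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
NtQueryValueKey|key=\Registry\Machine\HARDWARE\DESCRIPTION\System|value=SystemBiosVersion
NtQueryValueKey|key=\Registry\Machine\HARDWARE\DESCRIPTION\System|value=VideoBiosVersion
WinHttpConnect|host=api.ipify.org|port=443
NtSetInformationThread|thread=0xfffffffe|class=0x11|buffer=0x0|length=0
"""

if __name__ == "__main__":
    for name, count in triage(SAMPLE_LOG).items():
        print(f"{count} hit(s): {name}")
```

The benign ProductName read produces no hit, the two BIOS reads are counted under one signature, and the hive-prefix normalisation is what lets Win32 (HKEY_LOCAL_MACHINE\...) and native (\Registry\Machine\...) call logs match the same rule.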