General
Target: 076.zip
Size: 10.5 MB
Sample: 220925-fb2zksdcf7
MD5: a4557f16762458c8062b198dcba9d51d
SHA1: 8cf3d6a87fff04a87f607c8da17df19a2dd272fa
SHA256: 8895e9d8e18c3af21c85f6f207a8e61511ed9c80efb80ab7f417a094f63d2b81
SHA512: 78bdbcbd1c418f5e3ca85e64df9f89b9668c3a37ceae0d811a8a8580b0bca88db464190e150e1e4f0c7e7131dd3987e94bf5956d6bceaa99aec48968a552e0fe
SSDEEP: 196608:AKnTI7rOufoGOLfimHNkm5m70iXfBkE389hgYmEHkfvSFls/hL+8oqkPKyD:AKnTI7qufoG+qbmow7sWOYHHAaPsMKyD
Malware Config
Targets
-
Target: 076.zip (size and hashes as listed under General above)
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) detaches the calling thread from any attached debugger, so exceptions and breakpoints raised in that thread are no longer reported to it; this is a common anti-debugging technique.
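The four behaviours listed above are the kind a sandbox derives from hooked registry, DNS and native-API calls. The script below is an added example and is not Tria.ge's code or the report's own detection logic: it replays a handful of constructed hook events (a JSON-lines format assumed for this page, not any real sandbox's schema) and maps them onto the four signature names. The registry paths, the ThreadHideFromDebugger class value (0x11) and the listed IP-lookup hosts are well-known artefacts; the host list itself is an assumption and should be extended for your environment.

```python
"""Map sandbox hook events onto the behavioural signatures in the report above.

Added example, not the sandbox's own code. The event schema (registry_read,
dns_query, api_call) is constructed for this page.
"""
import json
import re

# Signature names exactly as they appear in the report.
SIG_VBOX_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_EXTIP = "Looks up external IP address via web service"
SIG_HIDE_DBG = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# VirtualBox exposes ACPI tables whose OEM ID is "VBOX__"; they show up as
# subkeys under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}.
VBOX_ACPI_KEY = re.compile(
    r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
# BIOS strings live under HKLM\HARDWARE\DESCRIPTION\System and its BIOS subkey.
BIOS_KEY = re.compile(
    r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.IGNORECASE)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systemmanufacturer",
               "systemproductname", "biosvendor", "biosversion"}
# Public "what is my IP" services (assumed list; extend as needed).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
                   "checkip.amazonaws.com", "whatismyipaddress.com"}
# THREADINFOCLASS::ThreadHideFromDebugger
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed sample events (not taken from the real sample's report).
SAMPLE_EVENTS = r"""
{"event": "registry_read", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "value": "ProgramFilesDir"}
{"event": "registry_read", "key": "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__", "value": null}
{"event": "registry_read", "key": "HKLM\\HARDWARE\\DESCRIPTION\\System", "value": "SystemBiosVersion"}
{"event": "registry_read", "key": "HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS", "value": "SystemManufacturer"}
{"event": "dns_query", "domain": "www.microsoft.com"}
{"event": "dns_query", "domain": "api.ipify.org"}
{"event": "api_call", "api": "NtSetInformationThread", "args": {"ThreadHandle": "0xFFFFFFFE", "ThreadInformationClass": 17}}
"""


def match_event(ev):
    """Return the (signature, evidence) pairs a single event triggers."""
    hits = []
    kind = ev.get("event")
    if kind == "registry_read":
        key, value = ev.get("key", ""), ev.get("value") or ""
        if VBOX_ACPI_KEY.match(key):
            hits.append((SIG_VBOX_ACPI, key))
        elif BIOS_KEY.match(key) and value.lower() in BIOS_VALUES:
            hits.append((SIG_BIOS, f"{key}\\{value}"))
    elif kind == "dns_query":
        domain = ev.get("domain", "").lower().rstrip(".")
        if domain in IP_LOOKUP_HOSTS:
            hits.append((SIG_EXTIP, domain))
    elif kind == "api_call" and ev.get("api") == "NtSetInformationThread":
        cls = ev.get("args", {}).get("ThreadInformationClass")
        if cls == THREAD_HIDE_FROM_DEBUGGER:
            hits.append((SIG_HIDE_DBG, "ThreadInformationClass=0x11"))
    return hits


def analyse(event_lines):
    """Parse JSON-lines events and group the evidence per signature."""
    report = {}
    for line in event_lines.splitlines():
        if not line.strip():
            continue
        for sig, evidence in match_event(json.loads(line)):
            report.setdefault(sig, []).append(evidence)
    return report


if __name__ == "__main__":
    for sig, evidence in analyse(SAMPLE_EVENTS).items():
        print(sig)
        for item in evidence:
            print("   ", item)
```

Run it stand-alone to see the four signatures reconstructed from the constructed events; the benign CurrentVersion read and the www.microsoft.com query produce no hits, which is the check that the rules are keyed on the specific artefacts rather than on any registry or DNS activity.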