General
-
Target
9aef5075994872f38272a1d810ba5b5bf8b01385ea7b42f45f332c5d6cc6fd80
-
Size
814KB
-
Sample
221003-a925cabcak
-
MD5
6737b6a36c6f5dacf51e11fc43fab35b
-
SHA1
ff2a34fc9578d1c12dbf4856c38af1281a1e7e54
-
SHA256
9aef5075994872f38272a1d810ba5b5bf8b01385ea7b42f45f332c5d6cc6fd80
-
SHA512
8fa7446c0ce60deb90171b7fb21a773221320f6c78b08696b645126204664c6e117222763881c21e3e29814e13061cddb3ef532b233567029fba4fb10953fc36
-
SSDEEP
24576:9u+WpklkZZKTEj6mmnqifyvNKiUrVU9U6Vo:9u+WpkJTfwifyvwhqRo
Malware Config
Targets
-
-
Target
9aef5075994872f38272a1d810ba5b5bf8b01385ea7b42f45f332c5d6cc6fd80
-
Size
814KB
-
MD5
6737b6a36c6f5dacf51e11fc43fab35b
-
SHA1
ff2a34fc9578d1c12dbf4856c38af1281a1e7e54
-
SHA256
9aef5075994872f38272a1d810ba5b5bf8b01385ea7b42f45f332c5d6cc6fd80
-
SHA512
8fa7446c0ce60deb90171b7fb21a773221320f6c78b08696b645126204664c6e117222763881c21e3e29814e13061cddb3ef532b233567029fba4fb10953fc36
-
SSDEEP
24576:9u+WpklkZZKTEj6mmnqifyvNKiUrVU9U6Vo:9u+WpkJTfwifyvwhqRo
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-