General
-
Target
666.exe
-
Size
1.3MB
-
Sample
221003-eprkbsfdf6
-
MD5
c851a86c7c3bb02fe25dd5a870974cdb
-
SHA1
cad352db9acd07832c9f5a39cf1803723ed97e52
-
SHA256
17d64950e0e39ca106e5a5a51b1cc211a0a83d484ab21038e3fe963f490c6cc2
-
SHA512
934ed272e8392796dc608a1bf2b55bd4059b163e03e7262b4d25a005a3530b11045e7be1f2c22e8d410b09a5b9874be01035a8906939aa236dac190b0972897e
-
SSDEEP
24576:CFClbBTLTOBg6bV1vwQjtD7O6yEinJLHFHXwCaCMkhjWViv+21R:iClROqUVBjHvyEiZFHXw4nhjkC
Malware Config
Targets
-
-
Target
666.exe
-
Size
1.3MB
-
MD5
c851a86c7c3bb02fe25dd5a870974cdb
-
SHA1
cad352db9acd07832c9f5a39cf1803723ed97e52
-
SHA256
17d64950e0e39ca106e5a5a51b1cc211a0a83d484ab21038e3fe963f490c6cc2
-
SHA512
934ed272e8392796dc608a1bf2b55bd4059b163e03e7262b4d25a005a3530b11045e7be1f2c22e8d410b09a5b9874be01035a8906939aa236dac190b0972897e
-
SSDEEP
24576:CFClbBTLTOBg6bV1vwQjtD7O6yEinJLHFHXwCaCMkhjWViv+21R:iClROqUVBjHvyEiZFHXw4nhjkC
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-