General
-
Target
ADS87a4d784A87D487a487A4D87D8sHGIUYgiuyGiyugIUGoijuhiufgtUHouguis.exe
-
Size
3.0MB
-
Sample
221011-r7w9raagfm
-
MD5
c9bfd91a0597d00185737ce65a753be9
-
SHA1
2658367b5f88891d970392f153595fdb87bdec91
-
SHA256
f3360f4841b3f4ed6e6c7d42315248473002bcd4f7262db1c813d6074b50240e
-
SHA512
aa458b785e7f417fd07ee007f96bd290c526e1a4ed22d1cccd713179ec3f8ee2ff81303036c45a4a92b012b3094e06a773a79fad1b1dc9dd390e0711d5ee2236
-
SSDEEP
49152:axTtE+G757NEqpmvgIMwoUNZq2aLOed/zc7NLD5O7OpJwHMMvKIDYE+pERcPE645:ayFH0Zoywqeta15OapGsMDupERmEtVUQ
Malware Config
Targets
-
-
Target
ADS87a4d784A87D487a487A4D87D8sHGIUYgiuyGiyugIUGoijuhiufgtUHouguis.exe
-
Size
3.0MB
-
MD5
c9bfd91a0597d00185737ce65a753be9
-
SHA1
2658367b5f88891d970392f153595fdb87bdec91
-
SHA256
f3360f4841b3f4ed6e6c7d42315248473002bcd4f7262db1c813d6074b50240e
-
SHA512
aa458b785e7f417fd07ee007f96bd290c526e1a4ed22d1cccd713179ec3f8ee2ff81303036c45a4a92b012b3094e06a773a79fad1b1dc9dd390e0711d5ee2236
-
SSDEEP
49152:axTtE+G757NEqpmvgIMwoUNZq2aLOed/zc7NLD5O7OpJwHMMvKIDYE+pERcPE645:ayFH0Zoywqeta15OapGsMDupERmEtVUQ
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-