General
-
Target
eb2b81440013395b4699d0520f2adcb797420ad2bb57e01e8e356fa3c4730e5d
-
Size
738KB
-
Sample
221030-nxwcxshdf3
-
MD5
56898b83d6f2893dce5760b5b9692844
-
SHA1
141c12d74533c988fc571f0636d774a6155abd40
-
SHA256
eb2b81440013395b4699d0520f2adcb797420ad2bb57e01e8e356fa3c4730e5d
-
SHA512
7da70d5dbbab6a9b5dc7b79ac3650f9f79d858940ff4d59c29a990c558e765e00c33b278cc3c3aee2f91de2fe5d1030b781e85016952763218cdaf5de8a1db4c
-
SSDEEP
12288:cdOHNR54OayFgGLZ5xStM41YTdNNDaGMRD/rm47+hrbUk7EMP/lHBBaxSqnEQxKK:1ayFgOZ5xS6418btQDKA+hfHPlBBmSq7
Malware Config
Targets
-
-
Target
eb2b81440013395b4699d0520f2adcb797420ad2bb57e01e8e356fa3c4730e5d
-
Size
738KB
-
MD5
56898b83d6f2893dce5760b5b9692844
-
SHA1
141c12d74533c988fc571f0636d774a6155abd40
-
SHA256
eb2b81440013395b4699d0520f2adcb797420ad2bb57e01e8e356fa3c4730e5d
-
SHA512
7da70d5dbbab6a9b5dc7b79ac3650f9f79d858940ff4d59c29a990c558e765e00c33b278cc3c3aee2f91de2fe5d1030b781e85016952763218cdaf5de8a1db4c
-
SSDEEP
12288:cdOHNR54OayFgGLZ5xStM41YTdNNDaGMRD/rm47+hrbUk7EMP/lHBBaxSqnEQxKK:1ayFgOZ5xS6418btQDKA+hfHPlBBmSq7
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-