General
-
Target
Trojan-Ransom.Win32.Blocker.dopg-6d23133cc2b9d0d7787bafcd36712696470ca26a62e4a902e51c45e691e48aa4
-
Size
1.4MB
-
Sample
221106-wxq27shbej
-
MD5
652d74094e72b6c3e51a75c6d350c896
-
SHA1
67e11c27b493946e66c6aa67301d3d190e5d176c
-
SHA256
6d23133cc2b9d0d7787bafcd36712696470ca26a62e4a902e51c45e691e48aa4
-
SHA512
fe58b350551e2bba1e160d64d42f1f3c28a88cc4364a32ea5ead9dd479224d58b31e204acedfa007170ea5587919d2061d2f15fd128996b3ce1fb41c1ed0b428
-
SSDEEP
24576:oN9QNHMEMPAhssp0ZCB3WynPPKOWPSrubnUOv0OnJXWqhOYdQHRoNmLY06u/PLx+:296DM4i8PnPRoSyYO8gmqP2Ro0LYILd6
Malware Config
Targets
-
-
Target
Trojan-Ransom.Win32.Blocker.dopg-6d23133cc2b9d0d7787bafcd36712696470ca26a62e4a902e51c45e691e48aa4
-
Size
1.4MB
-
MD5
652d74094e72b6c3e51a75c6d350c896
-
SHA1
67e11c27b493946e66c6aa67301d3d190e5d176c
-
SHA256
6d23133cc2b9d0d7787bafcd36712696470ca26a62e4a902e51c45e691e48aa4
-
SHA512
fe58b350551e2bba1e160d64d42f1f3c28a88cc4364a32ea5ead9dd479224d58b31e204acedfa007170ea5587919d2061d2f15fd128996b3ce1fb41c1ed0b428
-
SSDEEP
24576:oN9QNHMEMPAhssp0ZCB3WynPPKOWPSrubnUOv0OnJXWqhOYdQHRoNmLY06u/PLx+:296DM4i8PnPRoSyYO8gmqP2Ro0LYILd6
Score10/10-
UAC bypass
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-