General
Target: d18a378c9699405946fb35d30219e91610e755d709adb8ff278242c15da0129e
Size: 185KB
Sample: 221123-lkhj7abf25
MD5: d07ff8316e5c702911ef9be090b1b145
SHA1: 9f2edd9306abe35c5d6bb3eef79242367f942b32
SHA256: d18a378c9699405946fb35d30219e91610e755d709adb8ff278242c15da0129e
SHA512: 9c10d3a15794262ee3b055af0d22a09f0c963f81a260c7c542d9ec36363a37c5e62532ab20b9d42e3b3e854970ffe642939cb596a9b2fda4d533b705060f1e3e
SSDEEP: 3072:/Lk395hYXJMhccNc+nZ77j2NZkM2y5JQ7ps9PyBmZ/Ixe1+jm3JWlKz4zlxDqf:/QqwccNco98ZN2ims96O/RoqZoTfDqf
Static task: static1

Behavioral task: behavioral1
Sample: d18a378c9699405946fb35d30219e91610e755d709adb8ff278242c15da0129e.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: d18a378c9699405946fb35d30219e91610e755d709adb8ff278242c15da0129e.exe
Resource: win10v2004-20221111-en
Malware Config

Targets
Target: d18a378c9699405946fb35d30219e91610e755d709adb8ff278242c15da0129e
Size: 185KB
MD5: d07ff8316e5c702911ef9be090b1b145
SHA1: 9f2edd9306abe35c5d6bb3eef79242367f942b32
SHA256: d18a378c9699405946fb35d30219e91610e755d709adb8ff278242c15da0129e
SHA512: 9c10d3a15794262ee3b055af0d22a09f0c963f81a260c7c542d9ec36363a37c5e62532ab20b9d42e3b3e854970ffe642939cb596a9b2fda4d533b705060f1e3e
SSDEEP: 3072:/Lk395hYXJMhccNc+nZ77j2NZkM2y5JQ7ps9PyBmZ/Ixe1+jm3JWlKz4zlxDqf:/QqwccNco98ZN2ims96O/RoqZoTfDqf
Score: 9/10

Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Executes dropped EXE
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread stops debug events from that thread reaching an attached debugger, a common anti-debugging step.
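As an added example, not part of this report and not the sandbox's own signature logic: a small Python script that maps Procmon-style registry events to the signature names above. The registry paths it matches are the well-known locations such checks read (the VBOX__ ACPI tables, SystemBiosVersion and related values, Software\Wine, and the CurrentVersion\Run key); the report does not say which keys this sample actually touched, so that mapping, the process names and the trace itself are assumptions constructed for the example.

```python
import csv
import io
import re
from collections import defaultdict

# Registry locations behind the sandbox-evasion and persistence signatures
# listed in the report. These are the well-known paths such checks use; the
# report does not name the exact keys this sample touched, so the mapping is
# an assumption made for this example. Each entry pairs the Procmon operations
# that should count (a lookup for anti-VM checks, a write for persistence)
# with a pattern over the registry path.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": (
        {"RegOpenKey", "RegQueryValue", "RegEnumKey"},
        re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE),
    ),
    "Checks BIOS information in registry": (
        {"RegOpenKey", "RegQueryValue"},
        re.compile(
            r"\\HARDWARE\\DESCRIPTION\\System\\"
            r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$",
            re.IGNORECASE,
        ),
    ),
    "Identifies Wine through registry keys": (
        {"RegOpenKey", "RegQueryValue"},
        re.compile(r"\\Software\\Wine(\\|$)", re.IGNORECASE),
    ),
    "Adds Run key to start application": (
        {"RegSetValue"},
        re.compile(
            r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$",
            re.IGNORECASE,
        ),
    ),
}

# Constructed Procmon-style CSV export for illustration; it is not a trace of
# the sample above, and the process names and value names are made up.
SAMPLE_TRACE = r'''"Time of Day","Process Name","PID","Operation","Path","Result"
"10:15:01.0012","sample.exe","2104","RegOpenKey","HKLM\HARDWARE\ACPI\DSDT\VBOX__","NAME NOT FOUND"
"10:15:01.0013","sample.exe","2104","RegOpenKey","HKLM\HARDWARE\ACPI\FADT\VBOX__","NAME NOT FOUND"
"10:15:01.0020","sample.exe","2104","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion","SUCCESS"
"10:15:01.0021","sample.exe","2104","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion","SUCCESS"
"10:15:01.0030","sample.exe","2104","RegOpenKey","HKCU\Software\Wine","NAME NOT FOUND"
"10:15:01.0031","sample.exe","2104","RegOpenKey","HKLM\Software\Wine","NAME NOT FOUND"
"10:15:01.0040","sample.exe","2104","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive","SUCCESS"
"10:15:02.1000","dropped.exe","3388","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS"
"10:15:02.2000","explorer.exe","1512","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS"
'''


def match_signatures(trace_csv):
    """Return {process name: {signature: first matching path}} for the trace.

    The NAME NOT FOUND result on the VBOX__ and Wine lookups is expected on
    real hardware: the evidence is the lookup itself, so Result is ignored.
    """
    hits = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(trace_csv)):
        for name, (operations, pattern) in SIGNATURES.items():
            if row["Operation"] in operations and pattern.search(row["Path"]):
                hits[row["Process Name"]].setdefault(name, row["Path"])
    return dict(hits)


def anti_analysis_processes(hits):
    """Names of processes that triggered at least one sandbox-detection signature."""
    evasion = {
        "Identifies VirtualBox via ACPI registry values",
        "Checks BIOS information in registry",
        "Identifies Wine through registry keys",
    }
    return sorted(proc for proc, sigs in hits.items() if evasion & set(sigs))


if __name__ == "__main__":
    for proc, sigs in match_signatures(SAMPLE_TRACE).items():
        print(proc)
        for name, path in sigs.items():
            print(f"  {name}: {path}")
```

Two design points worth keeping if this is adapted to a real trace: the anti-VM matches fire on the lookup regardless of Result, because on real hardware those keys do not exist and NAME NOT FOUND is exactly what the malware expects to see; and the Run-key signature only counts RegSetValue, since plenty of legitimate software reads the Run key and only a write indicates persistence.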