General
-
Target
b8f3e6b1bf5f6aea4562166535a894da4ea83e0a48561c9c2105475090cc4d40
-
Size
178KB
-
Sample
221123-lkjr9afa61
-
MD5
430ac5106be9dc5b14f97ae1a20b916e
-
SHA1
7f367ccb8e2cdd977cf393ed87f81b0300590018
-
SHA256
b8f3e6b1bf5f6aea4562166535a894da4ea83e0a48561c9c2105475090cc4d40
-
SHA512
4f5b486b7fde152ac06066d7adfd54a754692285b68e8018b54d3021ef8827a2a25865650607c046cb769abb61090e70ae11949dbf78ae8ba777b480550b0b5d
-
SSDEEP
3072:tQIURTXJcPgNlr5KBUgXLgfdLsJXopAafIrG54YVLRoy+EJ1Jcd91vq0k:tsiINjKJ2obagK1zrLJR3
Malware Config
Targets
-
-
Target
b8f3e6b1bf5f6aea4562166535a894da4ea83e0a48561c9c2105475090cc4d40
-
Size
178KB
-
MD5
430ac5106be9dc5b14f97ae1a20b916e
-
SHA1
7f367ccb8e2cdd977cf393ed87f81b0300590018
-
SHA256
b8f3e6b1bf5f6aea4562166535a894da4ea83e0a48561c9c2105475090cc4d40
-
SHA512
4f5b486b7fde152ac06066d7adfd54a754692285b68e8018b54d3021ef8827a2a25865650607c046cb769abb61090e70ae11949dbf78ae8ba777b480550b0b5d
-
SSDEEP
3072:tQIURTXJcPgNlr5KBUgXLgfdLsJXopAafIrG54YVLRoy+EJ1Jcd91vq0k:tsiINjKJ2obagK1zrLJR3
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-