General
-
Target
3df2a3b39c12c6589480db6c3d54770a45435c4af606528041033d65664f5dd8
-
Size
190KB
-
Sample
221123-lkmtxabf32
-
MD5
c862cf464afb74d9e513fa73b5fbbbcc
-
SHA1
08ebd649d70431ebc635dc4d0a1cb1fd1df0a50f
-
SHA256
3df2a3b39c12c6589480db6c3d54770a45435c4af606528041033d65664f5dd8
-
SHA512
dee2a544f1b18106e172582abb51545c66690632490845514df93bb2cc9b20b8a6a0e95c3ca1758d76c6a62eaf7c2e2249c87a73e28013288f9d1b907d66e167
-
SSDEEP
3072:WgXdZt9P6D3XJXUJjzmb3GIOPOZFCmoYzHSVGrCvZu1/hdiCqKryyR2CSQvLR0g:We34ZU1zmDGIWkFjEZujdi9j5CSwLR0g
Malware Config
Targets
-
-
Target
3df2a3b39c12c6589480db6c3d54770a45435c4af606528041033d65664f5dd8
-
Size
190KB
-
MD5
c862cf464afb74d9e513fa73b5fbbbcc
-
SHA1
08ebd649d70431ebc635dc4d0a1cb1fd1df0a50f
-
SHA256
3df2a3b39c12c6589480db6c3d54770a45435c4af606528041033d65664f5dd8
-
SHA512
dee2a544f1b18106e172582abb51545c66690632490845514df93bb2cc9b20b8a6a0e95c3ca1758d76c6a62eaf7c2e2249c87a73e28013288f9d1b907d66e167
-
SSDEEP
3072:WgXdZt9P6D3XJXUJjzmb3GIOPOZFCmoYzHSVGrCvZu1/hdiCqKryyR2CSQvLR0g:We34ZU1zmDGIWkFjEZujdi9j5CSwLR0g
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-