General
- Target: 2fd530a8d8ae92a284a6a93daab6a35055f331b235294f5e7c4152f6cbe85677
- Size: 181KB
- Sample: 221123-lkn2zabf34
- MD5: c7c15c6b0da34a939b26708b12a20cd2
- SHA1: e816aecc4e2be5752ceb5bb65c139ad97fa86dce
- SHA256: 2fd530a8d8ae92a284a6a93daab6a35055f331b235294f5e7c4152f6cbe85677
- SHA512: 9f309787ce81daeec98e0c8fd60f910ab3083e00f1b808788934bdae7b94eda14a8a6aed5a1c369e1304e78ae7ded42930da0b3abe88670b29c02553dc37e816
- SSDEEP: 3072:MLk395hYXJZnZ77j2NZkM2y5JQ7ps9PyBmZ/Ixe1+jm3JWlKz4zlxDqMT:MQqv98ZN2ims96O/RoqZoTfDqMT
Static task: static1

Behavioral task: behavioral1
- Sample: 2fd530a8d8ae92a284a6a93daab6a35055f331b235294f5e7c4152f6cbe85677.exe
- Resource: win7-20220901-en

Behavioral task: behavioral2
- Sample: 2fd530a8d8ae92a284a6a93daab6a35055f331b235294f5e7c4152f6cbe85677.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger