General
-
Target
93ae430faa064f62577432b8a20cdf9b874fc343cea91c24cf206393e01b7c61
-
Size
271KB
-
Sample
221123-m42b3sfg82
-
MD5
3c0e70a2ae0aa0d6e79dedff1c44be16
-
SHA1
60d146b8624f9dd99934301089c00a88213aee7b
-
SHA256
93ae430faa064f62577432b8a20cdf9b874fc343cea91c24cf206393e01b7c61
-
SHA512
36a5b1e9a2cf3d3e14b7695d47962c41c199036fe9dbcde9b18b49a48d819ee7f26404277127e7422c53e7034ed00d66327aeef4505a8f93da1fd93b134186c7
-
SSDEEP
6144:ONvT266hTKNovhQphgdqnit2Mk9LUCXy7e+RF8ERf1VRbIo:Ei66h2Yhag0nisJUSm1VRr
Malware Config
Targets
-
-
Target
93ae430faa064f62577432b8a20cdf9b874fc343cea91c24cf206393e01b7c61
-
Size
271KB
-
MD5
3c0e70a2ae0aa0d6e79dedff1c44be16
-
SHA1
60d146b8624f9dd99934301089c00a88213aee7b
-
SHA256
93ae430faa064f62577432b8a20cdf9b874fc343cea91c24cf206393e01b7c61
-
SHA512
36a5b1e9a2cf3d3e14b7695d47962c41c199036fe9dbcde9b18b49a48d819ee7f26404277127e7422c53e7034ed00d66327aeef4505a8f93da1fd93b134186c7
-
SSDEEP
6144:ONvT266hTKNovhQphgdqnit2Mk9LUCXy7e+RF8ERf1VRbIo:Ei66h2Yhag0nisJUSm1VRr
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-