General
-
Target
be677b72dafc85001492f5a68a9c45bdf855e816669ed3e2c761f961df845de0
-
Size
287KB
-
Sample
221123-m5vwpafh45
-
MD5
85310dbf72bc4ecc5cf39d266c0da5a8
-
SHA1
48e7de8d78d75e30b3f2ef17758b16939e88e5da
-
SHA256
be677b72dafc85001492f5a68a9c45bdf855e816669ed3e2c761f961df845de0
-
SHA512
bc2b633ac821fcc452f01b2f8f786c29504964727f4f24e148575cf98879b6238cb5bfc559f6ee202e931e9659a519cc910bec6f84fd53b48879c22ba1ac6b89
-
SSDEEP
6144:pQqDnUjt3U4/CMMBs4H9gKirEACmims9xN6G50l5KmPD:rUpE4/KXH9pirD6xN6G6l7
Malware Config
Targets
-
-
Target
be677b72dafc85001492f5a68a9c45bdf855e816669ed3e2c761f961df845de0
-
Size
287KB
-
MD5
85310dbf72bc4ecc5cf39d266c0da5a8
-
SHA1
48e7de8d78d75e30b3f2ef17758b16939e88e5da
-
SHA256
be677b72dafc85001492f5a68a9c45bdf855e816669ed3e2c761f961df845de0
-
SHA512
bc2b633ac821fcc452f01b2f8f786c29504964727f4f24e148575cf98879b6238cb5bfc559f6ee202e931e9659a519cc910bec6f84fd53b48879c22ba1ac6b89
-
SSDEEP
6144:pQqDnUjt3U4/CMMBs4H9gKirEACmims9xN6G50l5KmPD:rUpE4/KXH9pirD6xN6G6l7
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-