General
-
Target
5c4b8bdd24dcff775296258025acdd2b65e0818102f9fa2df6ef2fa4a96794e7
-
Size
182KB
-
Sample
221123-m6mlpsfh88
-
MD5
a349757a4ddb26e2a1b5c506b1f3a601
-
SHA1
075a2a15e21a91b8482a0205cc071f76d3492065
-
SHA256
5c4b8bdd24dcff775296258025acdd2b65e0818102f9fa2df6ef2fa4a96794e7
-
SHA512
51773a2a069c7ef6549db62daf9d7c825c46c1020322f1cc7b43efb12307c0633e1b63f93596eacb57f5f00c661e1827fe87582e7e14e3a50935ece3f730ee57
-
SSDEEP
3072:JQIURTXJKeqgKJ+BCjHr1IABx6bYQaYWJu8DJldkZPKz/vz79Lqo1Wi5RLOP7Uq7:JsogKGABobBogygPKb9+o0iTcND4kJ
Malware Config
Targets
-
-
Target
5c4b8bdd24dcff775296258025acdd2b65e0818102f9fa2df6ef2fa4a96794e7
-
Size
182KB
-
MD5
a349757a4ddb26e2a1b5c506b1f3a601
-
SHA1
075a2a15e21a91b8482a0205cc071f76d3492065
-
SHA256
5c4b8bdd24dcff775296258025acdd2b65e0818102f9fa2df6ef2fa4a96794e7
-
SHA512
51773a2a069c7ef6549db62daf9d7c825c46c1020322f1cc7b43efb12307c0633e1b63f93596eacb57f5f00c661e1827fe87582e7e14e3a50935ece3f730ee57
-
SSDEEP
3072:JQIURTXJKeqgKJ+BCjHr1IABx6bYQaYWJu8DJldkZPKz/vz79Lqo1Wi5RLOP7Uq7:JsogKGABobBogygPKb9+o0iTcND4kJ
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-