General
-
Target
af2c7dfcb419bdbfc991baa48232fe4751484396012eec9ad42e81f20894d40f
-
Size
5.6MB
-
Sample
221123-m7lqssga62
-
MD5
6c606fd3793d4d1cbdae751ab8340275
-
SHA1
6dacbf35349432bdd90cc55b278d7bab77d214ea
-
SHA256
af2c7dfcb419bdbfc991baa48232fe4751484396012eec9ad42e81f20894d40f
-
SHA512
219bfa68b9794dd37fb63c8678cb606667b57a078f69c5f06de6621de121167503a500dd2af60361971619dbba07a258d21680082ef63ae79a5f67175e96915f
-
SSDEEP
98304:M3ywaeVt82hJyS9F3eY+mg8hjaC9Y8IFNUzzqfUkpl28TU8AJeB4o3QiG:M3ywaef8wyo3eY+mFjV9Y8IFNWqMkplL
Malware Config
Targets
-
-
Target
af2c7dfcb419bdbfc991baa48232fe4751484396012eec9ad42e81f20894d40f
-
Size
5.6MB
-
MD5
6c606fd3793d4d1cbdae751ab8340275
-
SHA1
6dacbf35349432bdd90cc55b278d7bab77d214ea
-
SHA256
af2c7dfcb419bdbfc991baa48232fe4751484396012eec9ad42e81f20894d40f
-
SHA512
219bfa68b9794dd37fb63c8678cb606667b57a078f69c5f06de6621de121167503a500dd2af60361971619dbba07a258d21680082ef63ae79a5f67175e96915f
-
SSDEEP
98304:M3ywaeVt82hJyS9F3eY+mg8hjaC9Y8IFNUzzqfUkpl28TU8AJeB4o3QiG:M3ywaef8wyo3eY+mFjV9Y8IFNWqMkplL
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-