General
-
Target
faf8311d8f0af1bf38d8139decdfc2f90809c09ffe468cf42065c4d4b22a7461
-
Size
174KB
-
Sample
221123-mwkdlafb79
-
MD5
c1fca4a8d5ef5cb77cadcd9ef1f85542
-
SHA1
30cd3d274fb82cccf90373b831d8ec0eedff7c50
-
SHA256
faf8311d8f0af1bf38d8139decdfc2f90809c09ffe468cf42065c4d4b22a7461
-
SHA512
1474d4f45b3257a62d75c2f88943fb30add1ec5a20cc0f39aa3e22d7133afcb6513e09b2373cc31de7b121f934902c1a365b74890391cf85a91206114d080340
-
SSDEEP
3072:VLk395hYXJ1EILa77j2NZkMn/ALB+Ip4YE9A6c8eS/cVDf3ai8WygbN9d6v4:VQq4ILI8ZNnIDRE9W0cVf3aqfNL6w
Malware Config
Targets
-
-
Target
faf8311d8f0af1bf38d8139decdfc2f90809c09ffe468cf42065c4d4b22a7461
-
Size
174KB
-
MD5
c1fca4a8d5ef5cb77cadcd9ef1f85542
-
SHA1
30cd3d274fb82cccf90373b831d8ec0eedff7c50
-
SHA256
faf8311d8f0af1bf38d8139decdfc2f90809c09ffe468cf42065c4d4b22a7461
-
SHA512
1474d4f45b3257a62d75c2f88943fb30add1ec5a20cc0f39aa3e22d7133afcb6513e09b2373cc31de7b121f934902c1a365b74890391cf85a91206114d080340
-
SSDEEP
3072:VLk395hYXJ1EILa77j2NZkMn/ALB+Ip4YE9A6c8eS/cVDf3ai8WygbN9d6v4:VQq4ILI8ZNnIDRE9W0cVf3aqfNL6w
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-