General
-
Target
7ab6d49b35535dbe8e786f46d6ab678a380e1c03bbff6b697ccbbdf5afea27f0
-
Size
1.3MB
-
Sample
221123-q7y8nsah6w
-
MD5
228507635e59a9136b555610d081fea4
-
SHA1
78eea80b3be3ddeb90b7324ca5a9f7287de62718
-
SHA256
7ab6d49b35535dbe8e786f46d6ab678a380e1c03bbff6b697ccbbdf5afea27f0
-
SHA512
5cc3b12d14492b1beec03c980bbbc3061dea4913df1354a5c9496caf3fde5c58c82ab8e5d326f641d20dd0e6070fe0b384fef54843908c22e94f407784065f79
-
SSDEEP
24576:tEOFPZNf4foo2+9BTE6qLa4uUuCS6L7WxOTOCKvAaic+ip9ryq9MW/mS5pqYYTv:tTZ14fvZ/89uDCGMTOCKvAtHeN/t574v
Malware Config
Targets
-
-
Target
7ab6d49b35535dbe8e786f46d6ab678a380e1c03bbff6b697ccbbdf5afea27f0
-
Size
1.3MB
-
MD5
228507635e59a9136b555610d081fea4
-
SHA1
78eea80b3be3ddeb90b7324ca5a9f7287de62718
-
SHA256
7ab6d49b35535dbe8e786f46d6ab678a380e1c03bbff6b697ccbbdf5afea27f0
-
SHA512
5cc3b12d14492b1beec03c980bbbc3061dea4913df1354a5c9496caf3fde5c58c82ab8e5d326f641d20dd0e6070fe0b384fef54843908c22e94f407784065f79
-
SSDEEP
24576:tEOFPZNf4foo2+9BTE6qLa4uUuCS6L7WxOTOCKvAaic+ip9ryq9MW/mS5pqYYTv:tTZ14fvZ/89uDCGMTOCKvAtHeN/t574v
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-