General
- Target: Tester.exe
- Size: 11.3MB
- Sample: 221124-zs5atacg5y
- MD5: 2b9c4125be622c2af2784016db985bc8
- SHA1: 733064f30eeb89e260103b4b2ce06582d042be83
- SHA256: f224cb31d5b44800d57940e547e9a1cbefc43f6a4d9459a4dc822719839a5f32
- SHA512: eadac4a042cd529df8fbdad8cc068be9947fa89d11111941035e903322a33d0863d8e65078cb096bd751400fab6d4890f8fcaa6f632339a5d1e2ef12c1ba7105
- SSDEEP: 196608:u3y9onJ5hrZERMB2WZufOuD9L2+qN9AUKzezdn0JhFVbNvAKy+BhvvIWvRm:ey9c5hlERo2WmfDZ2pN9AUKzeN8jHhBX
Malware Config
Targets
- Target: Tester.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger