General
Target: 52e5753e9bc002e71b33e6b72582f7d69e5723e95c61e1d75a2b6e6956328428
Size: 17.2MB
Sample: 221125-n36qvafa25
MD5: 485a218bdbfdc337875498281ac02f3c
SHA1: 8ecfaf2f07710b3ef4173bd6c1919d0f7c829b09
SHA256: 52e5753e9bc002e71b33e6b72582f7d69e5723e95c61e1d75a2b6e6956328428
SHA512: 2d3ab0b00b73736d58c5bcc419c7cbd3261a467a7d6839f0c81352e6518ffa73e9df99bbe78b1dd56d5960532fe3f176a916f7d7fc2d95d51b5c848a4f79f540
SSDEEP: 393216:KK8SMs7UPwyGg9UaC2FSiAcWhsCRpKV6rAS5Cy04WyuAHdfyW8:tAwyGIUaC2S9cwsGQAMOCUHDQN

Static task: static1
Behavioral task: behavioral1
Sample: 52e5753e9bc002e71b33e6b72582f7d69e5723e95c61e1d75a2b6e6956328428.exe
Resource: win7-20221111-en
Malware Config

Targets
Target: 52e5753e9bc002e71b33e6b72582f7d69e5723e95c61e1d75a2b6e6956328428
Size: 17.2MB
MD5: 485a218bdbfdc337875498281ac02f3c
SHA1: 8ecfaf2f07710b3ef4173bd6c1919d0f7c829b09
SHA256: 52e5753e9bc002e71b33e6b72582f7d69e5723e95c61e1d75a2b6e6956328428
SHA512: 2d3ab0b00b73736d58c5bcc419c7cbd3261a467a7d6839f0c81352e6518ffa73e9df99bbe78b1dd56d5960532fe3f176a916f7d7fc2d95d51b5c848a4f79f540
SSDEEP: 393216:KK8SMs7UPwyGg9UaC2FSiAcWhsCRpKV6rAS5Cy04WyuAHdfyW8:tAwyGIUaC2S9cwsGQAMOCUHDQN

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the thread from an attached debugger, a common anti-debug technique.

Taken together, the VirtualBox, Wine and debugger checks indicate the sample fingerprints its environment before running its dropped payload; note that commercial packers and installers use the same checks, so these signatures alone do not establish malicious intent.
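The registry and API behaviours flagged above can be matched mechanically against a sandbox's own event log. The following is an added example, not part of this report and not the sandbox vendor's signature code: it parses a few constructed log lines of the shape `API key="..." value="..."` and maps them to the signature names used in this report. The VirtualBox ACPI keys and the Software\Wine keys are the ones published anti-VM code (for example al-khaser) probes; the Control Panel\International\Geo key (value "Nation") is assumed to be the source of the country code, since the report does not name the key it observed.

```python
"""Map sandbox registry/API events to the anti-analysis signatures in this report.

Added example with constructed input; not the sandbox's own signature engine.
"""
import re
from dataclasses import dataclass, field

# Registry keys VirtualBox exposes through its ACPI tables (well known from
# public anti-VM code). Compared case-insensitively by prefix.
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
# Wine creates these keys; their mere presence reveals the compatibility layer.
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")
# Assumption: the country code is read from the GeoID under this key
# (value "Nation"); the report does not state which key was queried.
GEO_KEY = r"HKCU\Control Panel\International\Geo"
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


@dataclass
class Event:
    kind: str                       # "reg" = registry access, "api" = native API call
    name: str                       # registry key path or API function name
    args: dict = field(default_factory=dict)


# Constructed log, in the shape this example's parser expects (not a real capture).
SAMPLE_LOG = r"""
RegOpenKeyExW key="HKLM\HARDWARE\ACPI\DSDT\VBOX__"
RegOpenKeyExW key="HKCU\Software\Wine"
RegQueryValueExW key="HKCU\Control Panel\International\Geo" value="Nation"
RegQueryValueExW key="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" value="ProductName"
NtSetInformationThread handle=0xfffffffe class=0x11
"""

LINE_RE = re.compile(r"^(?P<api>\w+)\s+(?P<rest>.*)$")
ARG_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(text):
    """Turn log lines into Event objects; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        api = m.group("api")
        args = {k: (quoted if quoted else bare)
                for k, quoted, bare in ARG_RE.findall(m.group("rest"))}
        if api.startswith("Reg") and "key" in args:
            events.append(Event("reg", args["key"], args))
        elif api == "NtSetInformationThread":
            cls = int(args.get("class", "0"), 0)   # accepts 0x11 or 17
            events.append(Event("api", api, {"ThreadInformationClass": cls}))
        else:
            events.append(Event("api", api, args))
    return events


def _has_prefix(path, prefixes):
    upper = path.upper()
    return any(upper.startswith(p.upper()) for p in prefixes)


def match_signatures(events):
    """Return the sorted list of report signature names the events trigger."""
    hits = set()
    for ev in events:
        if ev.kind == "reg":
            if _has_prefix(ev.name, VBOX_ACPI_KEYS):
                hits.add("Identifies VirtualBox via ACPI registry values")
            elif _has_prefix(ev.name, WINE_KEYS):
                hits.add("Identifies Wine through registry keys")
            elif (_has_prefix(ev.name, (GEO_KEY,))
                  and ev.args.get("value", "").lower() == "nation"):
                hits.add("Checks computer location settings")
        elif ev.kind == "api" and ev.name == "NtSetInformationThread":
            if ev.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
                hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return sorted(hits)


if __name__ == "__main__":
    for sig in match_signatures(parse_log(SAMPLE_LOG)):
        print(sig)
```

The ProductName query in the constructed log is deliberately benign and produces no hit; when adapting this to a real trace, keep such negative cases, because a matcher that fires on any HKLM\HARDWARE or Control Panel access will flag ordinary installers just as readily as this sample.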