General
Target: 3fce2e995b012f661a59fda9609e5eb546236aa941a1609c04dacab658050939
Size: 2.0MB
Sample: 221125-n89dxsae5t
MD5: 504a844c869ee157494cd95e6f2ccd30
SHA1: f0b2d97d7abc916473211141816df126eb978cee
SHA256: 3fce2e995b012f661a59fda9609e5eb546236aa941a1609c04dacab658050939
SHA512: b0c8142fe292ccb6fb1eb533188fa0594e09ee40c9ac083313a4ddb5e2927c55fb14d2eed0189bbe2dd7ef4cca37821353c817fcdc2fefad0bd5b94b5ccab9ab
SSDEEP: 49152:gDwk0y1heAeC0c+21ACCZtgcZEomhthlpR:jkgC0c3ACCZKomhtxR
Static task: static1
Behavioral task: behavioral1
Sample: 3fce2e995b012f661a59fda9609e5eb546236aa941a1609c04dacab658050939.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 3fce2e995b012f661a59fda9609e5eb546236aa941a1609c04dacab658050939.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger