General
-
Target
b6609fd13a3433e9319541772aaecd5bb1d22ddf7aec0b749cc1ae23a8b51008
-
Size
1.1MB
-
Sample
221125-ps5lgagg85
-
MD5
1ce2f103663d2f7d02efff5645f950cd
-
SHA1
6d6d4c0f377ad7a1e6a1d828a9f60de20858c7d7
-
SHA256
b6609fd13a3433e9319541772aaecd5bb1d22ddf7aec0b749cc1ae23a8b51008
-
SHA512
766a3f772307ef39996e42c2841a5e5a2184ffb205e23920a54848e2c159f85993e6ef4510ae14e2e6c3189743637867117ccd61b60883a8137fbc5c5459b2b4
-
SSDEEP
24576:9W1axi6WAfv9ILOMFLHdbFcZURIceeboq5wnX1wGJUDM:o1mjWIvKLNL/cZURIceebiRP
Malware Config
Targets
-
-
Target
b6609fd13a3433e9319541772aaecd5bb1d22ddf7aec0b749cc1ae23a8b51008
-
Size
1.1MB
-
MD5
1ce2f103663d2f7d02efff5645f950cd
-
SHA1
6d6d4c0f377ad7a1e6a1d828a9f60de20858c7d7
-
SHA256
b6609fd13a3433e9319541772aaecd5bb1d22ddf7aec0b749cc1ae23a8b51008
-
SHA512
766a3f772307ef39996e42c2841a5e5a2184ffb205e23920a54848e2c159f85993e6ef4510ae14e2e6c3189743637867117ccd61b60883a8137fbc5c5459b2b4
-
SSDEEP
24576:9W1axi6WAfv9ILOMFLHdbFcZURIceeboq5wnX1wGJUDM:o1mjWIvKLNL/cZURIceebiRP
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-