General
-
Target
bd9a7a70f681de21cb9f15bfea9fbb32e567f0c31381ed41b774845df4e13143
-
Size
1.9MB
-
Sample
221125-psth7sbh9z
-
MD5
5d43552df24166fe8e2d28139b1b08d2
-
SHA1
202eff85e40c2d69eb8c23261c2ed6908be3c28b
-
SHA256
bd9a7a70f681de21cb9f15bfea9fbb32e567f0c31381ed41b774845df4e13143
-
SHA512
aeda91072a11381b9077d785b127c7d2396f8513f810a839120f29481c431acd514f84885dcd277062f2a718bea2ee922f48312f0661a5b022bfa2e48d9cdbf5
-
SSDEEP
49152:LaHCkNf4l4XOz5UTgtHrLIS/9frKeH769tubNJr433O:SCkN0tUEtLLpltp
Malware Config
Targets
-
-
Target
bd9a7a70f681de21cb9f15bfea9fbb32e567f0c31381ed41b774845df4e13143
-
Size
1.9MB
-
MD5
5d43552df24166fe8e2d28139b1b08d2
-
SHA1
202eff85e40c2d69eb8c23261c2ed6908be3c28b
-
SHA256
bd9a7a70f681de21cb9f15bfea9fbb32e567f0c31381ed41b774845df4e13143
-
SHA512
aeda91072a11381b9077d785b127c7d2396f8513f810a839120f29481c431acd514f84885dcd277062f2a718bea2ee922f48312f0661a5b022bfa2e48d9cdbf5
-
SSDEEP
49152:LaHCkNf4l4XOz5UTgtHrLIS/9frKeH769tubNJr433O:SCkN0tUEtLLpltp
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-