General
-
Target
ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357
-
Size
825KB
-
Sample
221125-pvestsca9z
-
MD5
f6b746067124541442b153118fa1f839
-
SHA1
c4d09b404213b7fb0c14a47fce8b7f01baf67d0e
-
SHA256
ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357
-
SHA512
a56adc9fe00dad2e37a377888b93bcdba45afb6534e55fdd1689a4e383fc35517ab2d3913d7a7a485b076fc7fad3c548927d6a902332675bc0c86cc5f846c531
-
SSDEEP
12288:Z5TqrcHghrkp7PCwn9rzbxh65T4Bccme63u+MA34yXlZ2rL3i63OV3WjjkLz5+pP:Z5TqJrkpuErm58OeVeosZQ3ih9WHG
Static task
static1
Behavioral task
behavioral1
Sample
ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357.dll
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-