General
-
Target
a6466ebd1746024f5685c42a78e4b66a052df232aeed580c00e666f0489875f0
-
Size
9.5MB
-
Sample
221127-abzxbshh8v
-
MD5
2823dc27e53e8adaff905739372761d6
-
SHA1
2c84f1f4354c3dc5008eceda0de586affde068b8
-
SHA256
a6466ebd1746024f5685c42a78e4b66a052df232aeed580c00e666f0489875f0
-
SHA512
e9dbad7fcf46f8bf40d30eccf908a81a0e32fbe15c9a7b2eb617b2f6a966b9e3a9f560d441d9cd46a17f79a45c03cdb1dd3c3a9a26c5ac9315ed61164ff809d2
-
SSDEEP
196608:zesdHjqQeHd10bdLO/MwbQfCRvpXLrX+3MINhN4d03:Ks81OdLOESzxLT+3MInCdg
Malware Config
Targets
-
-
Target
a6466ebd1746024f5685c42a78e4b66a052df232aeed580c00e666f0489875f0
-
Size
9.5MB
-
MD5
2823dc27e53e8adaff905739372761d6
-
SHA1
2c84f1f4354c3dc5008eceda0de586affde068b8
-
SHA256
a6466ebd1746024f5685c42a78e4b66a052df232aeed580c00e666f0489875f0
-
SHA512
e9dbad7fcf46f8bf40d30eccf908a81a0e32fbe15c9a7b2eb617b2f6a966b9e3a9f560d441d9cd46a17f79a45c03cdb1dd3c3a9a26c5ac9315ed61164ff809d2
-
SSDEEP
196608:zesdHjqQeHd10bdLO/MwbQfCRvpXLrX+3MINhN4d03:Ks81OdLOESzxLT+3MInCdg
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-