General
-
Target
3bcd4cf5bf94a1fbbf46fe72850efc752254dfaa3658dabb32bc6f758b1c6bb0
-
Size
4.3MB
-
Sample
221127-mm9bcsaf46
-
MD5
bd81160ddb704d6abb2beee4eb60105e
-
SHA1
d09d03fd59965fcc0f196bf8caa7db7473d79a8a
-
SHA256
3bcd4cf5bf94a1fbbf46fe72850efc752254dfaa3658dabb32bc6f758b1c6bb0
-
SHA512
f0aa893ea75fb67a3165488e6772def509b4127793ee5769e225e65b555496158be429789c4023c1083fdcfb277d97e8cbec4ceb266db110f576beb62c979846
-
SSDEEP
98304:1KAMucHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3Q9j:8AMuidjjqPdDsDbsU0akJyxL405+fiX
Malware Config
Targets
-
-
Target
3bcd4cf5bf94a1fbbf46fe72850efc752254dfaa3658dabb32bc6f758b1c6bb0
-
Size
4.3MB
-
MD5
bd81160ddb704d6abb2beee4eb60105e
-
SHA1
d09d03fd59965fcc0f196bf8caa7db7473d79a8a
-
SHA256
3bcd4cf5bf94a1fbbf46fe72850efc752254dfaa3658dabb32bc6f758b1c6bb0
-
SHA512
f0aa893ea75fb67a3165488e6772def509b4127793ee5769e225e65b555496158be429789c4023c1083fdcfb277d97e8cbec4ceb266db110f576beb62c979846
-
SSDEEP
98304:1KAMucHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3Q9j:8AMuidjjqPdDsDbsU0akJyxL405+fiX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-