General
-
Target
f41f053e6ad573394f222f94dc2abc0be8997c4f7387c0d02a4f3f906c7f64af
-
Size
4.3MB
-
Sample
221127-mmcx6aed2s
-
MD5
d98e375d179fd6b689cfd141553cf6a6
-
SHA1
f527da20812ca0ae025089e9a16daf95424e3ba0
-
SHA256
f41f053e6ad573394f222f94dc2abc0be8997c4f7387c0d02a4f3f906c7f64af
-
SHA512
cf82f989368f26f3d4ae1e7e9f16c4fcae5208610ef20c5a27840e2a42b921f6c34d0f64588f8aef1546e1e82ca96026bb3f0b4d712f2a2d912eaaa9740134ef
-
SSDEEP
98304:iU/1UlKHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3QV:i+djjqPdDsDbsU0akJyxL405+fiX
Malware Config
Targets
-
-
Target
f41f053e6ad573394f222f94dc2abc0be8997c4f7387c0d02a4f3f906c7f64af
-
Size
4.3MB
-
MD5
d98e375d179fd6b689cfd141553cf6a6
-
SHA1
f527da20812ca0ae025089e9a16daf95424e3ba0
-
SHA256
f41f053e6ad573394f222f94dc2abc0be8997c4f7387c0d02a4f3f906c7f64af
-
SHA512
cf82f989368f26f3d4ae1e7e9f16c4fcae5208610ef20c5a27840e2a42b921f6c34d0f64588f8aef1546e1e82ca96026bb3f0b4d712f2a2d912eaaa9740134ef
-
SSDEEP
98304:iU/1UlKHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3QV:i+djjqPdDsDbsU0akJyxL405+fiX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-