General
-
Target
d3808863ba5da033ef17d79c7ed2a0d4ccea026deff3c9042e4032e9163d1dd9
-
Size
4.3MB
-
Sample
221127-mmhhmsed2z
-
MD5
a2c6a7c83aaf6dd81953271d1e92b4f2
-
SHA1
bbd9e3cc85d5d8a55cb5144de77902ffc92b4f4c
-
SHA256
d3808863ba5da033ef17d79c7ed2a0d4ccea026deff3c9042e4032e9163d1dd9
-
SHA512
a90378bd59e1818a73807117f6649e8de5fa9b8b60e935e5a73686ef1d2cc65a440fc06bedda7c15585249bc9222bce3f3d207544063512fc26768f470a1156a
-
SSDEEP
98304:yB/bHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3Q9Oh8:yndjjqPdDsDbsU0akJyxL405+fiX
Malware Config
Targets
-
-
Target
d3808863ba5da033ef17d79c7ed2a0d4ccea026deff3c9042e4032e9163d1dd9
-
Size
4.3MB
-
MD5
a2c6a7c83aaf6dd81953271d1e92b4f2
-
SHA1
bbd9e3cc85d5d8a55cb5144de77902ffc92b4f4c
-
SHA256
d3808863ba5da033ef17d79c7ed2a0d4ccea026deff3c9042e4032e9163d1dd9
-
SHA512
a90378bd59e1818a73807117f6649e8de5fa9b8b60e935e5a73686ef1d2cc65a440fc06bedda7c15585249bc9222bce3f3d207544063512fc26768f470a1156a
-
SSDEEP
98304:yB/bHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3Q9Oh8:yndjjqPdDsDbsU0akJyxL405+fiX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-