General
-
Target
bbd16da0c8995d731e9b0b3d226ce29111f52986fa0d9258641f0ff28ad63110
-
Size
4.3MB
-
Sample
221127-mmkm1aed3s
-
MD5
699ef5ca88c704ff6fafdb51a1f3a1e2
-
SHA1
0d6250afa5ad7cbc082b713470327e00a27a3230
-
SHA256
bbd16da0c8995d731e9b0b3d226ce29111f52986fa0d9258641f0ff28ad63110
-
SHA512
a9aa5b49f451866e682ad282e6f060ff1ef60b03ed4ea03e15574ece4add4c244d483121fc58abbe6a5eb88b32c1baec0a9f16e5136b86fe6d05c7425d765b00
-
SSDEEP
98304:yD93PLtGUlXHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VZ:qjdjjqPdDsDbsU0akJyxL405+fiX
Malware Config
Targets
-
-
Target
bbd16da0c8995d731e9b0b3d226ce29111f52986fa0d9258641f0ff28ad63110
-
Size
4.3MB
-
MD5
699ef5ca88c704ff6fafdb51a1f3a1e2
-
SHA1
0d6250afa5ad7cbc082b713470327e00a27a3230
-
SHA256
bbd16da0c8995d731e9b0b3d226ce29111f52986fa0d9258641f0ff28ad63110
-
SHA512
a9aa5b49f451866e682ad282e6f060ff1ef60b03ed4ea03e15574ece4add4c244d483121fc58abbe6a5eb88b32c1baec0a9f16e5136b86fe6d05c7425d765b00
-
SSDEEP
98304:yD93PLtGUlXHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VZ:qjdjjqPdDsDbsU0akJyxL405+fiX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-