General
-
Target
5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
-
Size
2.2MB
-
Sample
221127-ntgeladh62
-
MD5
55c447191d9566c7442e25c4caf0d2fe
-
SHA1
646762cee3a5caab9accd21efcb100cd49b8ef8a
-
SHA256
5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
-
SHA512
9da8d4eb744308253f9befc238f4d1bd3122e06aa578b50ad2d27cb7a11d76fd1a95428df66ef287783139e5d3c8bf10d6fca6833867f8285cd06637843faa7e
-
SSDEEP
49152:ZQwS6fiVzAdAqfR8K+CQmh2l2qf4LSQmCRnXhRaNQRWGNfbzQUo:+N6aVzAyqfnzQf4LptnXasW4fwU
Malware Config
Targets
-
-
Target
5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
-
Size
2.2MB
-
MD5
55c447191d9566c7442e25c4caf0d2fe
-
SHA1
646762cee3a5caab9accd21efcb100cd49b8ef8a
-
SHA256
5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
-
SHA512
9da8d4eb744308253f9befc238f4d1bd3122e06aa578b50ad2d27cb7a11d76fd1a95428df66ef287783139e5d3c8bf10d6fca6833867f8285cd06637843faa7e
-
SSDEEP
49152:ZQwS6fiVzAdAqfR8K+CQmh2l2qf4LSQmCRnXhRaNQRWGNfbzQUo:+N6aVzAyqfnzQf4LptnXasW4fwU
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-