General
-
Target
b5660f2242de3dbf0b26ae412dec53eee38f389bda11adbe3b2d5db2ddcb109e
-
Size
5.5MB
-
Sample
221127-slnk6abe5t
-
MD5
eeb3f9a08db8149be09802561168b93a
-
SHA1
1c1857df147a96daec9d299faa6a7b445de92f41
-
SHA256
b5660f2242de3dbf0b26ae412dec53eee38f389bda11adbe3b2d5db2ddcb109e
-
SHA512
f4f5dc55e6c92f0ec4e3f44a4a70acb98e6ba3bedaa9faeddc617f86444185aaa8c8ddb730c8b5d3dbcb908effa9f832bbe42af6e5aa91888a2f8003654130d1
-
SSDEEP
98304:3dnV3PChNd/wk7RZFY/k5FVvbZDwhYzrOouzlgt0UO3RDunQhgkQRI9ndfxSXdw:1RahNdok7RZFY/k571IYL92xRDsQhgkF
Malware Config
Targets
-
-
Target
b5660f2242de3dbf0b26ae412dec53eee38f389bda11adbe3b2d5db2ddcb109e
-
Size
5.5MB
-
MD5
eeb3f9a08db8149be09802561168b93a
-
SHA1
1c1857df147a96daec9d299faa6a7b445de92f41
-
SHA256
b5660f2242de3dbf0b26ae412dec53eee38f389bda11adbe3b2d5db2ddcb109e
-
SHA512
f4f5dc55e6c92f0ec4e3f44a4a70acb98e6ba3bedaa9faeddc617f86444185aaa8c8ddb730c8b5d3dbcb908effa9f832bbe42af6e5aa91888a2f8003654130d1
-
SSDEEP
98304:3dnV3PChNd/wk7RZFY/k5FVvbZDwhYzrOouzlgt0UO3RDunQhgkQRI9ndfxSXdw:1RahNdok7RZFY/k571IYL92xRDsQhgkF
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-