General
-
Target
49b3f496f07724567d42a15545eef7678892f16e37b7d20b16595a7add9b969a
-
Size
2.3MB
-
Sample
221127-vbt2asgc3x
-
MD5
7939fcc1db7f645a00bcf3baa840eba2
-
SHA1
362cdef7286fd7281570eff7d6d709309a875fc6
-
SHA256
49b3f496f07724567d42a15545eef7678892f16e37b7d20b16595a7add9b969a
-
SHA512
535068b8877ff55534353e951f96813e6bf49f90cf51e027cde1d2cc7e347a5a60e6b5783a5aae58c16dc9949878b2282a06aa12f7298ad16af39fbed829b45b
-
SSDEEP
49152:KAghEFyUMi4pRF3T+hIDdcBmcwpyYBNUjLq8W/9Pzb4pa2hhsXuwtJ0ygzt:RAElwRdT1Rc0cRyGjB0zbgVhhsXXu
Malware Config
Targets
-
-
Target
ն氢V3.1/SkinH_EL.dll
-
Size
86KB
-
MD5
147127382e001f495d1842ee7a9e7912
-
SHA1
92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b
-
SHA256
edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc
-
SHA512
97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d
-
SSDEEP
1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK
Score8/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
ն氢V3.1/ն氢.exe
-
Size
2.3MB
-
MD5
03b2f245fc58cf19fd36a21aaece2b35
-
SHA1
b2213838e93c0be9eb455a2d72200585d0087ee8
-
SHA256
10843f0bd554bbeac32875ce8de189fed96a85929221a92711e62d11a495bc85
-
SHA512
95d9498863970e51a11041448e022a1e53e14f70e410895601ad71368b134e42806fb35550f43126fcfafbafb7808dd910c5c7303926030df988cb7ec6f403d4
-
SSDEEP
49152:s65+Fqcm22ls+nYasSPHo+odLTwuh2EePQEv7EL2XpIz537h2uEq22EM:sy+zos+nYa5g+odfwC3ruE53K2EM
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-