General
Target: 5d0356adf5843fa448d558b8f0f0f7cda32e51f1ffeb56e38db8fd6b06f34049
Size: 2.3MB
Sample: 221129-nhpxladh23
MD5: f1c3f556e232aee253141a71cfaf95fc
SHA1: 2748cbafc7f3c9a3752dc1446ee838c5c5506b23
SHA256: 5d0356adf5843fa448d558b8f0f0f7cda32e51f1ffeb56e38db8fd6b06f34049
SHA512: 0c4c75940ca4ced873c9b32d2c28d65988035f651a9e613e79e5cbd54d964c7fa9d10a3d43f90260ac2b37b1fea89e0341bc9f0d3c2e6e022c2fcc0c3a3ae5bd
SSDEEP: 49152:M+l4MCn3OAEuMLxmeGxcG1JJcW/TOMuZ41untksvWimPP:nE3OvmeGxj1JJcWrONZ4gn2sei
Static task: static1
Behavioral task: behavioral1
Sample: 5d0356adf5843fa448d558b8f0f0f7cda32e51f1ffeb56e38db8fd6b06f34049.exe
Resource: win7-20220812-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Suspicious use of NtSetInformationThreadHideFromDebugger