General
-
Target
ae814e6e500b38e79f0e5541148857657b78da331e1f2b8e6959e90e7f427a6e
-
Size
1.9MB
-
Sample
221130-3cv9raeb24
-
MD5
7429b8f292f85ffa84e1657e60abc887
-
SHA1
b6aa0c059bb76a4928f4d2d9854bf8a0b5ebad67
-
SHA256
ae814e6e500b38e79f0e5541148857657b78da331e1f2b8e6959e90e7f427a6e
-
SHA512
5f426ce668781d2b1ac2f4155fc4198a241c8394227b9b0e51763d3ea06c7f229591e07e9cfc1061c0af3449b7554c97f332a1c1757483b63bff5cbc2bfdf51e
-
SSDEEP
24576:PdDIebyqqi2saCSwBjDfx+5w/R13lrUi8DZCTfQxVPBkZQpFXSKQZCTfQxVPBkZo:PtvJqiGQ1+m1RpWCTav4CTavX
Malware Config
Targets
-
-
Target
ae814e6e500b38e79f0e5541148857657b78da331e1f2b8e6959e90e7f427a6e
-
Size
1.9MB
-
MD5
7429b8f292f85ffa84e1657e60abc887
-
SHA1
b6aa0c059bb76a4928f4d2d9854bf8a0b5ebad67
-
SHA256
ae814e6e500b38e79f0e5541148857657b78da331e1f2b8e6959e90e7f427a6e
-
SHA512
5f426ce668781d2b1ac2f4155fc4198a241c8394227b9b0e51763d3ea06c7f229591e07e9cfc1061c0af3449b7554c97f332a1c1757483b63bff5cbc2bfdf51e
-
SSDEEP
24576:PdDIebyqqi2saCSwBjDfx+5w/R13lrUi8DZCTfQxVPBkZQpFXSKQZCTfQxVPBkZo:PtvJqiGQ1+m1RpWCTav4CTavX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-