General
-
Target
899fc1da5a83ec8a1dcf1c15004e8ba450ce363dfa9896b6bcc7179fe2f0b8be
-
Size
2.2MB
-
Sample
221202-2gfjesba76
-
MD5
949e1c654a86cc5f138fba8679479935
-
SHA1
6cdf816933857a44eb89d11a35ffdc48de169712
-
SHA256
899fc1da5a83ec8a1dcf1c15004e8ba450ce363dfa9896b6bcc7179fe2f0b8be
-
SHA512
1147c2cb6381b285be2a624ec311548e3589e3c82033e4006c9cb40a7cf4d5a33696978d352fe66165c5ff94f71fb7beadddc662418422b092c2afe7efa6e2e2
-
SSDEEP
24576:7n/LiLfc6C75KOfHT74FvTqlcLY169ezwakLzVnSMPxrhQeigzv+QX2XNbMY0vQq:L/ycPAFqlD69ezh4hZiWVqVev+ypZt
Malware Config
Targets
-
-
Target
899fc1da5a83ec8a1dcf1c15004e8ba450ce363dfa9896b6bcc7179fe2f0b8be
-
Size
2.2MB
-
MD5
949e1c654a86cc5f138fba8679479935
-
SHA1
6cdf816933857a44eb89d11a35ffdc48de169712
-
SHA256
899fc1da5a83ec8a1dcf1c15004e8ba450ce363dfa9896b6bcc7179fe2f0b8be
-
SHA512
1147c2cb6381b285be2a624ec311548e3589e3c82033e4006c9cb40a7cf4d5a33696978d352fe66165c5ff94f71fb7beadddc662418422b092c2afe7efa6e2e2
-
SSDEEP
24576:7n/LiLfc6C75KOfHT74FvTqlcLY169ezwakLzVnSMPxrhQeigzv+QX2XNbMY0vQq:L/ycPAFqlD69ezh4hZiWVqVev+ypZt
Score8/10-
Adds policy Run key to start application
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-