General
- Target: 1f1dedc431399ac7ed17709052e3a3762dca7e6fe890f952062e68c8a13852e2
- Size: 7.1MB
- Sample: 230130-ydjvwscd66
- MD5: 01303eaf097a8e5e40e8602abaea9e40
- SHA1: d95ec0dc956fb315e368a6d4243398d42c48f613
- SHA256: 1f1dedc431399ac7ed17709052e3a3762dca7e6fe890f952062e68c8a13852e2
- SHA512: c7e11049ff84ba78ee6e97c8031825a19143b2d7ecbe7107fc1c6e0bb14af845dcef87a3fe743aaac9f91335a772baf08ce3ab240dbcc98491c4f68270e9e64d
- SSDEEP: 196608:/qW6UgJ8/SECVB95b0C9EVrAunBD59tXzLl0g4LK3xJuW/MkOox:CWomSFz9KC9a9tvyg4KruMMkOQ
Malware Config

Targets
- Target: 1f1dedc431399ac7ed17709052e3a3762dca7e6fe890f952062e68c8a13852e2
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox stamps its ACPI tables with the OEM id VBOX__, which Windows mirrors as subkeys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT); reading those keys is a common virtual-machine check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments. The usual values are SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System, which on a virtual machine typically name the hypervisor (for example VBOX or VMware).
- Loads dropped DLL
  A DLL written to disk during execution is subsequently loaded by the sample.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops the calling thread's debug events from being delivered to an attached debugger, a well-known anti-debugging technique.
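The three anti-analysis signatures above (VirtualBox ACPI keys, BIOS strings in the registry, ThreadHideFromDebugger) can be reproduced over an API trace. The following is an added example and is neither the sandbox's own signature code nor logic recovered from this sample: the registry paths are the well-known locations these checks target (the report itself does not name them), the `|`-separated trace format is invented for the demo, and every trace line is constructed.

```python
"""Evaluate three sandbox-style anti-analysis signatures over an API trace.

Added example; not the sandbox's signature code and not the sample's logic.
Registry locations are the well-known ones these checks use; the trace is
constructed for the demo.
"""
from typing import Dict, List, Optional, Tuple

Call = Tuple[str, List[str]]  # (api name, argument strings)

# VirtualBox stamps its ACPI tables with OEM id "VBOX__"; Windows mirrors
# that as a subkey of DSDT/FADT/RSDT under this root.
ACPI_ROOT = r"HKLM\HARDWARE\ACPI"
VBOX_ACPI_OEM = "VBOX__"
# BIOS strings the "Checks BIOS information in registry" signature watches.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"}
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS")
# ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIG_ACPI = "Identifies VirtualBox via ACPI registry values"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"
SIGNATURES = (SIG_ACPI, SIG_BIOS, SIG_HIDE)

# Constructed trace (invented format): one call per line, fields split by "|".
# Registry reads carry key|value name|data returned; NtSetInformationThread
# carries handle|class|buffer|length.
TRACE = r"""
RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName|Windows 10 Pro
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion|VBOX   - 1
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|VideoBiosVersion|Oracle VM VirtualBox Version 6.1
NtSetInformationThread|0x1a4|0x11|0x0|0x0
NtSetInformationThread|0x1a8|0x4|0x2|0x4
LoadLibraryW|C:\Users\Admin\AppData\Local\Temp\native.dll
"""


def parse_trace(text: str) -> List[Call]:
    """Split the trace into (api, args) tuples, skipping blanks and comments."""
    calls: List[Call] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        api, *args = line.split("|")
        calls.append((api, args))
    return calls


def _norm_key(path: str) -> str:
    return path.replace("HKEY_LOCAL_MACHINE", "HKLM").upper()


def check_vbox_acpi(calls: List[Call]) -> List[str]:
    """Keys opened or queried under the ACPI root that name the VBOX__ OEM id."""
    hits = []
    for api, args in calls:
        if not args or not (api.startswith("RegOpenKeyEx") or api.startswith("RegQueryValueEx")):
            continue
        key = _norm_key(args[0])
        if key.startswith(ACPI_ROOT.upper()) and VBOX_ACPI_OEM in key:
            hits.append(args[0])
    return hits


def check_bios_registry(calls: List[Call]) -> List[Tuple[str, str, Optional[str]]]:
    """Reads of BIOS strings: (value name, data, VM marker found in data or None).

    The signature fires on the read itself; the marker only records whether
    the data the sample received would have revealed a hypervisor."""
    hits = []
    for api, args in calls:
        if not api.startswith("RegQueryValueEx") or len(args) < 2:
            continue
        if _norm_key(args[0]) != BIOS_KEY.upper() or args[1] not in BIOS_VALUES:
            continue
        data = args[2] if len(args) > 2 else ""
        marker = next((m for m in VM_MARKERS if m in data.upper()), None)
        hits.append((args[1], data, marker))
    return hits


def check_hide_from_debugger(calls: List[Call]) -> List[str]:
    """Thread handles passed to NtSetInformationThread with class 0x11."""
    hits = []
    for api, args in calls:
        if api != "NtSetInformationThread" or len(args) < 2:
            continue
        try:
            info_class = int(args[1], 0)
        except ValueError:
            continue
        if info_class == THREAD_HIDE_FROM_DEBUGGER:
            hits.append(args[0])
    return hits


def evaluate(trace: str) -> Dict[str, list]:
    """Map each report signature to the evidence found in the trace."""
    calls = parse_trace(trace)
    return {
        SIG_ACPI: check_vbox_acpi(calls),
        SIG_BIOS: check_bios_registry(calls),
        SIG_HIDE: check_hide_from_debugger(calls),
    }


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"[{'HIT' if evidence else '---'}] {name}")
        for item in evidence:
            print(f"        {item}")
```

Running the module prints each signature with its evidence; the second NtSetInformationThread call (class 0x4, ThreadImpersonationToken-style housekeeping rather than 0x11) and the ProductName read are deliberately left unflagged to show that the checks key on the information class and on the specific BIOS values, not on the API names alone.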