General
- Target: Loader_protected.exe
- Size: 25.3MB
- Sample: 230314-pnyx5afc79
- MD5: 8cc84c3212164650b08f683d6d5d9bc9
- SHA1: ccba4dea3ecf23f5c02e574a7f44b0f0c53bc586
- SHA256: 6141bc450a96c5abb89441191a57cebd53d7346f174ad620c16ab39bc9036d52
- SHA512: 06b56eddc6ad01a4bcbaaf15ac9ac0292bee340dd881e098aece9e3becfe0bcfb942198a5dcb7aee2d27407340954130b22e8a54172939693e9142ca2295f74e
- SSDEEP: 393216:xm0bMJiMaLNi3Ayp6Lvp7fX/J9aq81h4UmrTMfE/Ycyo11oE5oiLvElwz0saj:EIMiQ6rVzm4HTqEgcysHSiLMS3aj
Malware Config
Targets
- Target: Loader_protected.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger