General
-
Target
devware_cheat_V2.exe
-
Size
3.7MB
-
Sample
230317-kmmq9afb89
-
MD5
b6e4149e617103a8913bcc350f947032
-
SHA1
8f2a3b04f6a5cd788737e25827facce4322adcc1
-
SHA256
661e21dd9c12c8b96a0b0fb61c3d90a3a14894b4295210bd5acfa37d203d34b6
-
SHA512
5263b3d987e17e67bc7d190a8b82910534ac4f38e8e1c6821dd0c2333b082a2100f0d362287eb2778944925befbf5d7bcbc106ec758f114113efbaab661b3ac2
-
SSDEEP
49152:4mH0kAe7fREZV3h0n6PsgffdtQmkvzLjVo/AP0B8rkuXiR7/GRct1rwdyghOeIU4:4Y0kNyZdkNmEzLa/Al82dPhOeIU4
Malware Config
Targets
-
-
Target
devware_cheat_V2.exe
-
Size
3.7MB
-
MD5
b6e4149e617103a8913bcc350f947032
-
SHA1
8f2a3b04f6a5cd788737e25827facce4322adcc1
-
SHA256
661e21dd9c12c8b96a0b0fb61c3d90a3a14894b4295210bd5acfa37d203d34b6
-
SHA512
5263b3d987e17e67bc7d190a8b82910534ac4f38e8e1c6821dd0c2333b082a2100f0d362287eb2778944925befbf5d7bcbc106ec758f114113efbaab661b3ac2
-
SSDEEP
49152:4mH0kAe7fREZV3h0n6PsgffdtQmkvzLjVo/AP0B8rkuXiR7/GRct1rwdyghOeIU4:4Y0kNyZdkNmEzLa/Al82dPhOeIU4
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-