General
-
Target
Hyper.cc_Val_External.exe
-
Size
3.9MB
-
Sample
230322-ah2z9sfh4t
-
MD5
8f5e1def999ae97b4b5e156b3a1cecf1
-
SHA1
5f84cfb283390e8511ed64d09b61102ce88cc965
-
SHA256
ca9cf220d20db485105b83acd519f880860b5fcb9275ecc015a3f539e0a709aa
-
SHA512
58d615877ac9d7e5eca3e0c3c29fd897d8cd235f8cdadcdef262896f8d4a1a6ad9c136a05ce455750815042108cf8b3bbdbde5ee66c24496b624b820390edd4b
-
SSDEEP
98304:oM9bkr8014K68PozHw0nbFEtugxhGLBsqlUMX+QOV:oMuRB5wQkbyfiuqlOQOV
Malware Config
Targets
-
-
Target
Hyper.cc_Val_External.exe
-
Size
3.9MB
-
MD5
8f5e1def999ae97b4b5e156b3a1cecf1
-
SHA1
5f84cfb283390e8511ed64d09b61102ce88cc965
-
SHA256
ca9cf220d20db485105b83acd519f880860b5fcb9275ecc015a3f539e0a709aa
-
SHA512
58d615877ac9d7e5eca3e0c3c29fd897d8cd235f8cdadcdef262896f8d4a1a6ad9c136a05ce455750815042108cf8b3bbdbde5ee66c24496b624b820390edd4b
-
SSDEEP
98304:oM9bkr8014K68PozHw0nbFEtugxhGLBsqlUMX+QOV:oMuRB5wQkbyfiuqlOQOV
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-