General
- Target: Notepad++.exe
- Size: 9.5MB
- Sample: 230322-v7qzhsad56
- MD5: 53e4fa88bd8c51ba2d913380e3de6a2c
- SHA1: 9b4b91444e9ead8c667e87c36f08a7d2ebf3309b
- SHA256: e8ae1f376e40875ff96c2b322faecee3b7f013b36662d9e45eed733f870994d0
- SHA512: b48fab3b7aba5aa22b4d0d536cb7919d6a515c4450d2416ee029ad1fcda6933eb72a5658d9e1e1638bb377e84e1a397e922fbfe34e18522b1d3855208fbea97c
- SSDEEP: 196608:o1wjFLQPnIGNOfhw3tMGo6ysjLf0qCgFMh9uF9CeQ0mHEDzg/aymNd7t7:ljFUmW3tMTXGz7A5vHEDzMaB
Targets
- Target: Notepad++.exe (same sample as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger