General
Target: d0d45a3bc00989d91cde95cc8fba505915ae35fa6cba24d3b158938c18749f51
Size: 2.5MB
Sample: 230327-qxd5rafg4x
MD5: a31d5556e895cbe1a28f9bd59032b4e1
SHA1: c6e9e5048fde97c700d08397c3ff85c725e2050e
SHA256: d0d45a3bc00989d91cde95cc8fba505915ae35fa6cba24d3b158938c18749f51
SHA512: 637cd45f9c1eec75aa4bce5bcab866efce50a60d284354b7ea13d97e7b2aa86beb27c7eb94d1e6c889eac9f38e49caaee0949c4333d6c28b8638384f441f6e84
SSDEEP: 49152:EECmPW03EQQfXQPTneDbBk2D21942MNv9bmz55BGxrwa1k3lFpz1:ZFhwGyDK2rXN1b45BG2aIT
Static task: static1
Behavioral task: behavioral1
Sample: d0d45a3bc00989d91cde95cc8fba505915ae35fa6cba24d3b158938c18749f51.dll
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: d0d45a3bc00989d91cde95cc8fba505915ae35fa6cba24d3b158938c18749f51.dll
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: d0d45a3bc00989d91cde95cc8fba505915ae35fa6cba24d3b158938c18749f51
Score: 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger