General
-
Target
Loader.exe
-
Size
3.3MB
-
Sample
230329-3lsvzsac62
-
MD5
aa27322c80872d70bcd3eabde5f88141
-
SHA1
daef906c51350e74bc7eeace80e35b1bb2e2f443
-
SHA256
4b08cc716f6f89415e2dc85e3c4eb626fcb9b0697f1596d5a27482b5a40d3227
-
SHA512
12ad87b7ab61c92246ddae74eaa62223be948b57abcea1024b21a63bc0e1e6db66c3d911bbe30c857426602436a2a92479323513f25df9b683cda127a84e594e
-
SSDEEP
49152:F/4780JJXqoYgkt9fT5mhaKG/iKz8Sn/Jypm+IUK7AYoL2ENttSIyUA8z/haouab:cfit/R6Kz8S0IjgvPxyfQ54Yfsxbhc
Malware Config
Targets
-
-
Target
Loader.exe
-
Size
3.3MB
-
MD5
aa27322c80872d70bcd3eabde5f88141
-
SHA1
daef906c51350e74bc7eeace80e35b1bb2e2f443
-
SHA256
4b08cc716f6f89415e2dc85e3c4eb626fcb9b0697f1596d5a27482b5a40d3227
-
SHA512
12ad87b7ab61c92246ddae74eaa62223be948b57abcea1024b21a63bc0e1e6db66c3d911bbe30c857426602436a2a92479323513f25df9b683cda127a84e594e
-
SSDEEP
49152:F/4780JJXqoYgkt9fT5mhaKG/iKz8Sn/Jypm+IUK7AYoL2ENttSIyUA8z/haouab:cfit/R6Kz8S0IjgvPxyfQ54Yfsxbhc
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-