General
-
Target
Loader (1).exe
-
Size
3.6MB
-
Sample
230331-etw1lsge28
-
MD5
9604974a71e163598982d7ad55145d1d
-
SHA1
c3b02537ff8fded1abb33df88144dc99ee881ba9
-
SHA256
7f32b63eba8bb7cc8273a4eb5860812deda884752e3917ab748a036ffdb61620
-
SHA512
09f0c56a4f227fae5ff2ab31ebc022d7a53db58abaa3bf9d7251864fece235b0e21cda7fc9aae6a334b3959c8e0f295d342b64d02c18f27e31a1614c4e6477c5
-
SSDEEP
98304:B79LRou/i/pEEf1+SSfx64Wc+wSgroMt0wvnepG8V7od:V9WlESaxJWc+wSg3ywqrV7M
Malware Config
Targets
-
-
Target
Loader (1).exe
-
Size
3.6MB
-
MD5
9604974a71e163598982d7ad55145d1d
-
SHA1
c3b02537ff8fded1abb33df88144dc99ee881ba9
-
SHA256
7f32b63eba8bb7cc8273a4eb5860812deda884752e3917ab748a036ffdb61620
-
SHA512
09f0c56a4f227fae5ff2ab31ebc022d7a53db58abaa3bf9d7251864fece235b0e21cda7fc9aae6a334b3959c8e0f295d342b64d02c18f27e31a1614c4e6477c5
-
SSDEEP
98304:B79LRou/i/pEEf1+SSfx64Wc+wSgroMt0wvnepG8V7od:V9WlESaxJWc+wSg3ywqrV7M
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-