General
-
Target
EPSONResetterPH.exe
-
Size
8.8MB
-
Sample
230402-bbwqcafb3s
-
MD5
7b9e809d18e1d105581ef4757e684e73
-
SHA1
57f497aaabc0127d4a9565314130cc358ed78917
-
SHA256
82439c65507183d1b2a3bd6ff94cec4bc5c700d100e6c16068d53d0f4c4c8c3e
-
SHA512
4df891f7344149dd8d9d1e76358a1d20f0dda502fd8c5171e11e5fa5904c3b3ad8c4bc9d41e0868a8382359b65289c36f01d37850afa573f7b8fbf30e1d3f084
-
SSDEEP
196608:/fztI7J+3b5MLdfWjl2zxulDRKydZrB+zrXiK5I:3xvb5cdf6yxulcydZl6iAI
Malware Config
Targets
-
-
Target
EPSONResetterPH.exe
-
Size
8.8MB
-
MD5
7b9e809d18e1d105581ef4757e684e73
-
SHA1
57f497aaabc0127d4a9565314130cc358ed78917
-
SHA256
82439c65507183d1b2a3bd6ff94cec4bc5c700d100e6c16068d53d0f4c4c8c3e
-
SHA512
4df891f7344149dd8d9d1e76358a1d20f0dda502fd8c5171e11e5fa5904c3b3ad8c4bc9d41e0868a8382359b65289c36f01d37850afa573f7b8fbf30e1d3f084
-
SSDEEP
196608:/fztI7J+3b5MLdfWjl2zxulDRKydZrB+zrXiK5I:3xvb5cdf6yxulcydZl6iAI
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-