General
-
Target
0lymp.us_protected.exe
-
Size
17.0MB
-
Sample
230523-x5ppsahg6t
-
MD5
a629884293db6eb206dc6127db697aaa
-
SHA1
6bf9b78b131af2643fb7bde0fde0bfc622e5fc02
-
SHA256
ee61eff54a72b2685295da02d759d6ee76d1cf0e8e495b3e6ef142f11662fea6
-
SHA512
485d5cfa2077672c070209ab9a4b186382eddcc0f29cf210ea60f6d4987a684489fe9cdb24c982b2e02bdee2e07f7146d2a674192c734319b6460fbd9c74c21e
-
SSDEEP
393216:PcScAzdDnoozOOuRl2DRwwdBYQeqp3Z/h42LTXahgUo6hSU8dEKY:PczAzFoduDmwKu3VOPhgiQU8qH
Behavioral task
behavioral1
Sample
0lymp.us_protected.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
0lymp.us_protected.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-