General
-
Target
D68F668B4240F9518E4F80499D93D8C5A1EDDECE0771658C33AE916CC54F5A66
-
Size
493KB
-
Sample
231008-hyl8rach62
-
MD5
ed00050d8507c313c6288e2866c5bbb3
-
SHA1
d82539bfc2cc7cb504be74ac74df696b13db486a
-
SHA256
d68f668b4240f9518e4f80499d93d8c5a1eddece0771658c33ae916cc54f5a66
-
SHA512
f100bef74ea3de30e2962112b55aede9d43b0594592cab4b8894708c39afd7b1f22db8ad75bf9cba00bbbd6c7ead5548cb37a1568ee70bdecb41be1651f15887
-
SSDEEP
12288:w/JP/oaKjKqcjcVILQWgo7ZdutrRSH8m+KaYyOUk8a:wBP/+lMN7ZItrMHaQ8
Static task
static1
Behavioral task
behavioral1
Sample
D68F668B4240F9518E4F80499D93D8C5A1EDDECE0771658C33AE916CC54F5A66.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
D68F668B4240F9518E4F80499D93D8C5A1EDDECE0771658C33AE916CC54F5A66.exe
Resource
win10-20230915-en
Behavioral task
behavioral3
Sample
D68F668B4240F9518E4F80499D93D8C5A1EDDECE0771658C33AE916CC54F5A66.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
Target
D68F668B4240F9518E4F80499D93D8C5A1EDDECE0771658C33AE916CC54F5A66
Score
9/10
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-