General
-
Target
NEAS.be56d603a151271cce388a9453cfe6cb6cfa9e36dfa225413fac2e086f39f9f7_JC.exe
-
Size
5.2MB
-
Sample
231008-wkn23shc93
-
MD5
1000a24729fdab7f08266881f2e9ae62
-
SHA1
3fbf77f07e4cff1d4813ae472960c974063305f3
-
SHA256
be56d603a151271cce388a9453cfe6cb6cfa9e36dfa225413fac2e086f39f9f7
-
SHA512
65f5b8a5e861dd7463c915ef50467de20d11cbfc7cc677a0eb1f5a15b954151d87785d911084fe7ded13bd65f6ac7ad9b0e65759e31d7f7b51607304f6b50d40
-
SSDEEP
98304:S5DU1HPtkjmxiY6OQGWGedbEZf3JCwfU1E/ltY4ExV/ZokAtFjbyrta5UnABUoR:S5uToYjeeZM91E/lS4ExV/Zy7f4ta5h
Malware Config
Targets
-
-
Target
NEAS.be56d603a151271cce388a9453cfe6cb6cfa9e36dfa225413fac2e086f39f9f7_JC.exe
-
Size
5.2MB
-
MD5
1000a24729fdab7f08266881f2e9ae62
-
SHA1
3fbf77f07e4cff1d4813ae472960c974063305f3
-
SHA256
be56d603a151271cce388a9453cfe6cb6cfa9e36dfa225413fac2e086f39f9f7
-
SHA512
65f5b8a5e861dd7463c915ef50467de20d11cbfc7cc677a0eb1f5a15b954151d87785d911084fe7ded13bd65f6ac7ad9b0e65759e31d7f7b51607304f6b50d40
-
SSDEEP
98304:S5DU1HPtkjmxiY6OQGWGedbEZf3JCwfU1E/ltY4ExV/ZokAtFjbyrta5UnABUoR:S5uToYjeeZM91E/lS4ExV/Zy7f4ta5h
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-