General
-
Target
01cf429107499a03111b964fb66d143bededbc0604415cc47a831fa8113a0d0b
-
Size
4.7MB
-
Sample
231114-xryqjafe9t
-
MD5
f77d97176dec44e9cc72d2df339c57df
-
SHA1
a99289f0b22289c9c21d3850a250ecb6bd3bc2a3
-
SHA256
01cf429107499a03111b964fb66d143bededbc0604415cc47a831fa8113a0d0b
-
SHA512
964b276cef03e4560f3201e67b91480290a66249521228060a81d642c048479dcdc430731bdbe68553fe8bd04b5034a0e595684a1dd6965f13ceaeecd315dca1
-
SSDEEP
49152:jkcF++vJTXmr20RHcqX1/IwxhE3gSp77J+925BizmIBQLwUZvABB/KJx/LI1YR:jkevl
Static task
static1
Behavioral task
behavioral1
Sample
01cf429107499a03111b964fb66d143bededbc0604415cc47a831fa8113a0d0b.exe
Resource
win7-20231023-en
Malware Config
Targets
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Xen via ACPI registry values (likely anti-VM)
-
Looks for VMWare services registry key.
-
Looks for Xen service registry key.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-