General
-
Target
Patch_CNN_CLI_(CL)_x64_11.00.02.20_REV0.exe
-
Size
18.0MB
-
Sample
231118-1e1wxage7w
-
MD5
a27fe296e5f70a58da9cadb12d5a9d95
-
SHA1
05736f7eeaca990bfa1c588e44cd6d3025bea50f
-
SHA256
f253f930eb77265d50e1e09bf3901e0af6313fa68540e77571ffe859ac55a21c
-
SHA512
69542c99eefc976f0d36b35a1392eeb75559b0b4a8415099f73b6b515642b6add0fcc0c9b41163d77868f8a4b7d39c1e67838e0c0ea23d8141eed51012fb9e10
-
SSDEEP
393216:7exd3ydTZcEBfUTr1BOMtARRah5wLJo1blgtHyjRNyIDE3DeW:7id0KEBqrDAC5w9o1Zgoj39Dk
Malware Config
Targets
-
-
Target
Patch_CNN_CLI_(CL)_x64_11.00.02.20_REV0.exe
-
Size
18.0MB
-
MD5
a27fe296e5f70a58da9cadb12d5a9d95
-
SHA1
05736f7eeaca990bfa1c588e44cd6d3025bea50f
-
SHA256
f253f930eb77265d50e1e09bf3901e0af6313fa68540e77571ffe859ac55a21c
-
SHA512
69542c99eefc976f0d36b35a1392eeb75559b0b4a8415099f73b6b515642b6add0fcc0c9b41163d77868f8a4b7d39c1e67838e0c0ea23d8141eed51012fb9e10
-
SSDEEP
393216:7exd3ydTZcEBfUTr1BOMtARRah5wLJo1blgtHyjRNyIDE3DeW:7id0KEBqrDAC5w9o1Zgoj39Dk
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-