General

Target: 286978de6076b2e10b53b6ca129507dff404c3397fd9c94622ef2cf9a64d3489
Size: 5.4MB
Sample: 231125-t338lsca5x
MD5: a22d8542904ba00a7a836092aa3713be
SHA1: 9f1b35a9e082392346699eca64c2aa886cd324e9
SHA256: 286978de6076b2e10b53b6ca129507dff404c3397fd9c94622ef2cf9a64d3489
SHA512: c26000dd696c0f6263794bb8e12ac8b723d6142d432d4487f8387f3cf18244aa5a5b735f9cde28543775f2f3b167d0f0a6c23328f9cbe78e17e8760e976fe49d
SSDEEP: 98304:BBxGAkqofc+nVB723frWNgNgqVpbTYVgZoj47MZ5FV0ZIvY4mQj1zvJJOMJ0wzTk:voA9unVB723frOgNvpbXZ778hsIvY6jU
Malware Config
Targets
Target: 286978de6076b2e10b53b6ca129507dff404c3397fd9c94622ef2cf9a64d3489
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger