General
-
Target
e115dacaebcb55a1099db504be6d7c07.exe
-
Size
5.4MB
-
Sample
231127-ssgq7ahd7t
-
MD5
e115dacaebcb55a1099db504be6d7c07
-
SHA1
032437868741186fe4a86e5ef557f6f22733ecd3
-
SHA256
1248cb011e89e4518d3cfa223928e70a996fbc81d11c1fcd27cdafbeefbf4364
-
SHA512
3a00d286a55eea281a490df64e918537c3846982bf50cbbf0505b8ed97e1b8f86ba41568ed763486d6fedaed776796e40b32df78545da79ade4af22d26f3e3eb
-
SSDEEP
98304:pgNgqVpbTYVgZoj47MZ5FV0ZIvY4mQj1zvJUOWugkx1dcDm4I4IVELTFfEzZn+MG:pgNvpbXZ778hsIvY6j1tdncFsNn75I
Malware Config
Targets
-
-
Target
e115dacaebcb55a1099db504be6d7c07.exe
-
Size
5.4MB
-
MD5
e115dacaebcb55a1099db504be6d7c07
-
SHA1
032437868741186fe4a86e5ef557f6f22733ecd3
-
SHA256
1248cb011e89e4518d3cfa223928e70a996fbc81d11c1fcd27cdafbeefbf4364
-
SHA512
3a00d286a55eea281a490df64e918537c3846982bf50cbbf0505b8ed97e1b8f86ba41568ed763486d6fedaed776796e40b32df78545da79ade4af22d26f3e3eb
-
SSDEEP
98304:pgNgqVpbTYVgZoj47MZ5FV0ZIvY4mQj1zvJUOWugkx1dcDm4I4IVELTFfEzZn+MG:pgNvpbXZ778hsIvY6j1tdncFsNn75I
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-