General
Target: 457a4f9f687c3d22fd0b9526207cfacb
Size: 1.1MB
Sample: 240106-gs6vjabcb4
MD5: 457a4f9f687c3d22fd0b9526207cfacb
SHA1: 11e6972ef93f5301455ac05be3154129b3ee8de4
SHA256: 2451862bc81079dfde3237cc24d66658922dd5236ea443afd68144cb592ef45a
SHA512: 930b35108604ee8c3f3f8819605cfbf3e94114e9e603769bef135529960df583e26a8e3938cccc39593726685ef830fbffd7ec3f5633aaccf8825505df9189f3
SSDEEP: 24576:PWT/iePE/uHxjMnj2q42Gk/oQTAa8/TJ1T7FY:P6wgxjAFV8rz7C
Static task: static1
Behavioral task: behavioral1
Sample: 457a4f9f687c3d22fd0b9526207cfacb.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 457a4f9f687c3d22fd0b9526207cfacb.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 457a4f9f687c3d22fd0b9526207cfacb
Score: 9/10

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

Suspicious use of NtSetInformationThreadHideFromDebugger