General
-
Target
3b78c20b4135506eb55bd2b158820f080f9161b4c40546b26fa0fc5bf5151eb3
-
Size
1.7MB
-
Sample
240219-tw7x8age48
-
MD5
eb2c0f11da48a3bd0d1104ed1e5c27b0
-
SHA1
357aebf63294c82b5a42a253a9750d92c30d7465
-
SHA256
3b78c20b4135506eb55bd2b158820f080f9161b4c40546b26fa0fc5bf5151eb3
-
SHA512
cb4f078e7419890dbaf3b99dcd380e0b80ff0e4aa64f7a66df52c0075b66e63850ebea059ddc55d5d371fc552dfa8e5a1433b37a9ed73e8b47391b8fed11d6b5
-
SSDEEP
24576:bSmM0je7Vu++xAXTSnjcsoi7B+xCJ8AoySmQ/fNNCnnAZ/shs12qdZP7qc:Gm9jEUjxA8QNoaCJ8AoTmQAs/dZP7q
Malware Config
Targets
-
-
Target
3b78c20b4135506eb55bd2b158820f080f9161b4c40546b26fa0fc5bf5151eb3
-
Size
1.7MB
-
MD5
eb2c0f11da48a3bd0d1104ed1e5c27b0
-
SHA1
357aebf63294c82b5a42a253a9750d92c30d7465
-
SHA256
3b78c20b4135506eb55bd2b158820f080f9161b4c40546b26fa0fc5bf5151eb3
-
SHA512
cb4f078e7419890dbaf3b99dcd380e0b80ff0e4aa64f7a66df52c0075b66e63850ebea059ddc55d5d371fc552dfa8e5a1433b37a9ed73e8b47391b8fed11d6b5
-
SSDEEP
24576:bSmM0je7Vu++xAXTSnjcsoi7B+xCJ8AoySmQ/fNNCnnAZ/shs12qdZP7qc:Gm9jEUjxA8QNoaCJ8AoTmQAs/dZP7q
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-