General
-
Target
ce7c3e44660f7c5a9edaf792afe365c4de79f28612c93a4ad0a3d8278c1e0a00
-
Size
15.6MB
-
Sample
240309-dlzwvsch6t
-
MD5
1cd6c6dc15eb17ad352302fab413f8a6
-
SHA1
eda11aba636479b472a52b1049a42f38998cac9e
-
SHA256
ce7c3e44660f7c5a9edaf792afe365c4de79f28612c93a4ad0a3d8278c1e0a00
-
SHA512
2f607cbdc3e9077214dbb482fe357606724e3236f782ed83dfdd5cca7c7390561614399fe8de4aff340d959610fd0cc8b4daa0a2fb168271d8101269fd132b68
-
SSDEEP
393216:iLVatRL3h4xNJ4ZfJ5XybaEHC/zqjgF0kE/jLKezlMC:iotRF4x/4Zx5CbPC/EJ/jLX5
Static task
static1
Behavioral task
behavioral1
Sample
ce7c3e44660f7c5a9edaf792afe365c4de79f28612c93a4ad0a3d8278c1e0a00.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ce7c3e44660f7c5a9edaf792afe365c4de79f28612c93a4ad0a3d8278c1e0a00.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
ce7c3e44660f7c5a9edaf792afe365c4de79f28612c93a4ad0a3d8278c1e0a00
-
Size
15.6MB
-
MD5
1cd6c6dc15eb17ad352302fab413f8a6
-
SHA1
eda11aba636479b472a52b1049a42f38998cac9e
-
SHA256
ce7c3e44660f7c5a9edaf792afe365c4de79f28612c93a4ad0a3d8278c1e0a00
-
SHA512
2f607cbdc3e9077214dbb482fe357606724e3236f782ed83dfdd5cca7c7390561614399fe8de4aff340d959610fd0cc8b4daa0a2fb168271d8101269fd132b68
-
SSDEEP
393216:iLVatRL3h4xNJ4ZfJ5XybaEHC/zqjgF0kE/jLKezlMC:iotRF4x/4Zx5CbPC/EJ/jLX5
Score 9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops debug events from the calling thread being delivered to an attached debugger, a common anti-debugging technique.
-
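The six behaviours above are the kind of thing a sandbox derives from its API-call trace. The following script is an added example, not part of this report or of the sandbox's own rule set: it replays a constructed trace (the `SAMPLE_EVENTS` lines, the `api|arg|arg` format and the `C:\Users\Admin\...\Temp` paths are all invented for the example) and flags the same six signatures. The registry paths in `REGISTRY_RULES` are the ones anti-VM code commonly probes (VirtualBox's ACPI table entries, the firmware strings under `HARDWARE\DESCRIPTION\System`, Wine's own `Software\Wine` key); the matching logic approximates the signatures' meaning and is not the sandbox's actual implementation.

```python
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (NtSetInformationThread).
THREAD_HIDE_FROM_DEBUGGER = 0x11

REGISTRY_APIS = {
    "RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW",
    "NtOpenKey", "NtQueryValueKey",
}

# Registry artefacts behind the report's three registry signatures. The paths
# are the ones anti-VM code commonly probes; the rule set itself is an
# approximation written for this example, not the sandbox's own rules.
REGISTRY_RULES = {
    "Identifies VirtualBox via ACPI registry values":
        re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry":
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
                   r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion|"
                   r"SystemManufacturer|SystemProductName)$", re.I),
    "Identifies Wine through registry keys":
        re.compile(r"^HKEY_(CURRENT_USER|LOCAL_MACHINE)\\Software\\Wine\b", re.I),
}

# Constructed API-monitor events for this example (not from the report):
# "<api>|<arg>|<arg>...". Registry events carry the key path, then the value name.
SAMPLE_EVENTS = [
    r"RegOpenKeyExW|HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__",
    r"RegQueryValueExW|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System|SystemBiosVersion",
    r"RegQueryValueExW|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System|VideoBiosVersion",
    r"RegOpenKeyExW|HKEY_CURRENT_USER\Software\Wine",
    r"RegQueryValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|OneDrive",
    r"NtSetInformationThread|0x1a4|0x11|0x0|0x0",
    r"WriteFile|C:\Users\Admin\AppData\Local\Temp\stage2.exe",
    r"WriteFile|C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"CreateProcessW|C:\Users\Admin\AppData\Local\Temp\stage2.exe",
    r"LoadLibraryW|C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"CreateProcessW|C:\Windows\System32\cmd.exe",
]


def parse_event(line):
    """Split one monitor line into (api, [args])."""
    api, *args = line.strip().split("|")
    return api, args


def match_signatures(lines):
    """Return {signature name: [evidence, ...]} for the behaviours seen in lines."""
    hits = {}
    dropped = set()  # lower-cased paths the sample wrote to disk

    def record(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for line in lines:
        if not line.strip():
            continue
        api, args = parse_event(line)
        if api in REGISTRY_APIS and args:
            target = "\\".join(args)  # key path + value name as one string
            for name, pattern in REGISTRY_RULES.items():
                if pattern.search(target):
                    record(name, target)
        elif api == "NtSetInformationThread" and len(args) >= 2:
            # int(x, 0) accepts both "0x11" and "17" for the info class
            if int(args[1], 0) == THREAD_HIDE_FROM_DEBUGGER:
                record("Suspicious use of NtSetInformationThreadHideFromDebugger",
                       "thread handle " + args[0])
        elif api == "WriteFile" and args:
            dropped.add(args[0].lower())
        elif api in ("CreateProcessA", "CreateProcessW") and args:
            # only a process started from a file the sample itself wrote counts
            if args[0].lower() in dropped:
                record("Executes dropped EXE", args[0])
        elif api in ("LoadLibraryA", "LoadLibraryW", "LdrLoadDll") and args:
            if args[0].lower() in dropped:
                record("Loads dropped DLL", args[0])
    return hits


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

Note that the "dropped" signatures depend on ordering: the write must be observed before the execution or load, which is why the script tracks written paths as it walks the trace rather than matching on path prefixes. The `cmd.exe` launch in the constructed trace is deliberately left unflagged because nothing wrote that file.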