General
-
Target
SandboxHooking_protected.exe
-
Size
57.8MB
-
Sample
240412-yme83adf46
-
MD5
ba6b086ff3a9ef8b33bdd6ab1db4caf2
-
SHA1
1800619def472b3ab4fcd2537e9bca6e814e71b8
-
SHA256
f95f04b1432babfb6e580f6c4e9884fbd91b593c4a66959dd0f2f063307f6f94
-
SHA512
6cf8f593336c587575294162ee8088618bf8de11cc7446e809c09b769a27702bb131c7b479eb1ccefac41de606c4c43f25e12914defabc35ecb04dbc516d1640
-
SSDEEP
786432:YUnwp4R+GCMFfk07Lcs/zaDyGWM0+ToUwFbB+TUXxJr:Pe8T7Q06TUf
Malware Config
Targets
-
-
Target
SandboxHooking_protected.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-