General

Target: hanzowoofercracked.zip
Size: 31.0MB
Sample: 240425-kevrwshb37
MD5: d40d05d3b23249f4ceee115f864b5ab9
SHA1: 6a74557489e86af9a47ba44932fd3ccb366ab0c5
SHA256: 9a0db4898e6d87a8b484c695227dcf33a9dd099ef4f73740524476c182dd2f9e
SHA512: ff80a59f6108bf7b7710cff439fcbf2231ce0101217d27fdf8105d43781da4409a30b939fa764ffd09983e2b27eac7f838fff6d6ca673b5b84aecc2318d897f6
SSDEEP: 786432:rVytLBdFNfkdFpNCWwlInHkhK+2bjEZNokgBEPVv:pytnXkdFpbPktAo4BM5
Malware Config

Targets

Target: hanzowoofercracked/hanzowoofercracked/hanzopermspoofer.exe
Size: 31.0MB
MD5: 3efc3953bf361a6921855261d7db3ebc
SHA1: 5800977eef27d3334b317857d888aa390095f4c4
SHA256: 283a8086913fe4355ff9b17d5a0037563f078b09eb4b3b50952a9192a2e974ff
SHA512: 9152865d4b7bf257675a314b3a6ca9101ba2f3d9b61140b0cb9fa5364a3f436e4e4365f8232bbc86189981d6f540bab3e1501cb0092b3879e58b85e7bccc00b9
SSDEEP: 786432:4VytLBdFNfkdFpNCWwlInHkhK+2bjEZNokgBEPVj:OytnXkdFpbPktAo4BM5
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger