General
Target: Loader.exe
Size: 6.1MB
Sample: 240428-fenlcsgf7w
MD5: e4d3ef67cabb4f2c6afb40b7c1b38a0f
SHA1: 6bdaf07a25f3df57aa13bc4f4be91adef0acb7ae
SHA256: 80b9ccaa1405b037d65bb88b90f05d194590a458133e3633e162e3cbfaeccb12
SHA512: b1129444a92e0d8579281311e0cd3fa5d2884acefa4a82c0f910fb01f367c52f57ef71f862b07455158a6e9f7334f454b1edb21d72905359c01ed5ac34497aa2
SSDEEP: 196608:mViCTV2X/6f58jWGdx6Q+jpF8rYI2ljNlLR:t2V2X/6f54WGuQeF80I2ljNl9
Malware Config

Targets
Target: Loader.exe
Size: 6.1MB
MD5: e4d3ef67cabb4f2c6afb40b7c1b38a0f
SHA1: 6bdaf07a25f3df57aa13bc4f4be91adef0acb7ae
SHA256: 80b9ccaa1405b037d65bb88b90f05d194590a458133e3633e162e3cbfaeccb12
SHA512: b1129444a92e0d8579281311e0cd3fa5d2884acefa4a82c0f910fb01f367c52f57ef71f862b07455158a6e9f7334f454b1edb21d72905359c01ed5ac34497aa2
SSDEEP: 196608:mViCTV2X/6f58jWGdx6Q+jpF8rYI2ljNlLR:t2V2X/6f54WGuQeF80I2ljNl9

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger