General
-
Target
Kainite Woofer.exe
-
Size
5.4MB
-
Sample
240522-dabpwshh63
-
MD5
de3e9f32e96b992556b91739bfd29264
-
SHA1
1a8d80b5a38b7f7ae5da912157075524f6b18c76
-
SHA256
9e89e5a3f5899546aec98a34be14c438215b0db322fb6c380ea930e06a37a25d
-
SHA512
7aef90356de9e7520de564c497980f028c50b8723b33c8249b584ce6ce388c66b76a971464b7cb21bfce5fe893d5e2f7746a2764a6193830fab4cbc9a54e5238
-
SSDEEP
49152:xhA30NlJGqXWksxxpl68fI7tRe8iRt3M/EHgi/jevoJl5QgC:VGZAXeevoJl5QT
Static task
static1
Behavioral task
behavioral1
Sample
Kainite Woofer.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
Kainite Woofer.exe
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-