General

Target: unis.exe
Size: 82.3MB
Sample: 240522-pxr6yabg29
MD5: d62574eca10f83314dc3d40d24df4e31
SHA1: 5b1bf403c59ac3982658580544b2266d78745d7b
SHA256: 4fa95df10e94a285696134171c3a79ec631e6dd9aefaf937fa5b3e93088419f0
SHA512: 0308e2eca3fc10e170969168943e9471390d8f9330614c5e0c92e0f3049b70e26beaa6219bfef114cce5ea72cf6b7e66adc77a7270406cd3743fd36a788a5671
SSDEEP: 1572864:qFXGPbLSCU/+6t2+HLc0Unhtmb2qHWB75iKC5K28hlkB4/EuUG+eoAWEZXwsSsBh:u2SC++9oxkmb2qHO5iK528/kBoVxbfZ5

Malware Config
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger