General
Target: exploits
Size: 30KB
Sample: 240523-3atcdada6w
MD5: 03d7bf5005f574aebe94c9ae85c75cb1
SHA1: 67461d70e189f50171c4dadb11fdb53dabce606b
SHA256: 6ada619bdfd293467b6cd4fea3abe992a609852aa111cb2881f3c6a32cc77dae
SHA512: 51ec891f23db76f5276c6d403557f1578c7933d460ee4cbb0e7dbb25878029beb3ae24833e0b9a255c1434af78c61206165ccf7a4d4bf87fb787ebae0e1551ec
SSDEEP: 768:7rTilU9RC9fvOflS5/u01/8xWApJingqna03O7m7Y7dMdsx9afM2JjCUSBtS3/Sa:rilU9RC9fWflS5/u0/8xWAringqna03h
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger