General
-
Target
bb642e4d8f8e9b0151d3e830dc453f0c2d321acd46baef7ca9476d2543ad85e8
-
Size
5.4MB
-
Sample
240523-yh8d2sea2s
-
MD5
c53a2570ddcfdbd96f1eca0efb65afb3
-
SHA1
84e52665eb4f458ee145fb1ebfa422cd5fedc611
-
SHA256
bb642e4d8f8e9b0151d3e830dc453f0c2d321acd46baef7ca9476d2543ad85e8
-
SHA512
f314289acbaa782eb4113928e6a07faca9c1bbb0ee72562f316a0656f89dce9ff39dcf1182fbc914e962968428676337c6077079443999f4d2ee0af8b7bd93e8
-
SSDEEP
98304:VfOY8AXs2F3LBZJHZKWrfpLp97maUL5uFu3zoo668uSP10mJP6WnytQlkHvbp9Ey:R3D82J9LHZKWjpF97ma3azop68FPTZ65
Malware Config
Targets
-
-
Target
bb642e4d8f8e9b0151d3e830dc453f0c2d321acd46baef7ca9476d2543ad85e8
-
Size
5.4MB
-
MD5
c53a2570ddcfdbd96f1eca0efb65afb3
-
SHA1
84e52665eb4f458ee145fb1ebfa422cd5fedc611
-
SHA256
bb642e4d8f8e9b0151d3e830dc453f0c2d321acd46baef7ca9476d2543ad85e8
-
SHA512
f314289acbaa782eb4113928e6a07faca9c1bbb0ee72562f316a0656f89dce9ff39dcf1182fbc914e962968428676337c6077079443999f4d2ee0af8b7bd93e8
-
SSDEEP
98304:VfOY8AXs2F3LBZJHZKWrfpLp97maUL5uFu3zoo668uSP10mJP6WnytQlkHvbp9Ey:R3D82J9LHZKWjpF97ma3azop68FPTZ65
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-