General
-
Target
ce0d60f22d3b9286115b57b1a4d3cbe7f6a5bad40fc1a896d532eafc02f22835
-
Size
6.2MB
-
Sample
240525-w88rdsec44
-
MD5
be9ca80b13d56e170f7471b698e2af88
-
SHA1
bd8f25bd4149065a954189260e53319438803fc2
-
SHA256
ce0d60f22d3b9286115b57b1a4d3cbe7f6a5bad40fc1a896d532eafc02f22835
-
SHA512
55069ab298a6df3850ae183891fccb8ad44afff4bfb460931d52524fe3557e45fe92ed653a6b98763e7869b3f0792c28f2211c4f2cf9cbc34bc365b6ba4dfbe1
-
SSDEEP
196608:whlLxMQgBmNVWTiLrNjKZDlxtA0Sjrfp2Ns:ulWQgBGHNjolIHj7Os
Malware Config
Targets
-
-
Target
ce0d60f22d3b9286115b57b1a4d3cbe7f6a5bad40fc1a896d532eafc02f22835
-
Size
6.2MB
-
MD5
be9ca80b13d56e170f7471b698e2af88
-
SHA1
bd8f25bd4149065a954189260e53319438803fc2
-
SHA256
ce0d60f22d3b9286115b57b1a4d3cbe7f6a5bad40fc1a896d532eafc02f22835
-
SHA512
55069ab298a6df3850ae183891fccb8ad44afff4bfb460931d52524fe3557e45fe92ed653a6b98763e7869b3f0792c28f2211c4f2cf9cbc34bc365b6ba4dfbe1
-
SSDEEP
196608:whlLxMQgBmNVWTiLrNjKZDlxtA0Sjrfp2Ns:ulWQgBGHNjolIHj7Os
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-