General
-
Target
69e887b4476d8ca1ccfb8ddfd76de2ad3ba4d8481020034ba4ab5d82fce4bea6
-
Size
10.8MB
-
Sample
240526-mntx3afc5w
-
MD5
60a1ded12577598f26de79be34ad3a18
-
SHA1
0073c57312a3a5d1462d38c02f718522e2025a86
-
SHA256
69e887b4476d8ca1ccfb8ddfd76de2ad3ba4d8481020034ba4ab5d82fce4bea6
-
SHA512
008f6e3ae816c3da2aa654e7883cbf5bf822eedf4b822b7587f6539e17e89f030546efb8004e7a7bb63f52e48fe99c3008e422550249ab154697f98d9a6641f8
-
SSDEEP
196608:P1sjFbvg7rC13uuZLk4Nwmy8UrL9mVX6Yk9+BK1at8e1EFj1sQ:tsjFsS13Plk4NnmWX6IK1i8zx1j
Malware Config
Targets
-
-
Target
69e887b4476d8ca1ccfb8ddfd76de2ad3ba4d8481020034ba4ab5d82fce4bea6
-
Size
10.8MB
-
MD5
60a1ded12577598f26de79be34ad3a18
-
SHA1
0073c57312a3a5d1462d38c02f718522e2025a86
-
SHA256
69e887b4476d8ca1ccfb8ddfd76de2ad3ba4d8481020034ba4ab5d82fce4bea6
-
SHA512
008f6e3ae816c3da2aa654e7883cbf5bf822eedf4b822b7587f6539e17e89f030546efb8004e7a7bb63f52e48fe99c3008e422550249ab154697f98d9a6641f8
-
SSDEEP
196608:P1sjFbvg7rC13uuZLk4Nwmy8UrL9mVX6Yk9+BK1at8e1EFj1sQ:tsjFsS13Plk4NnmWX6IK1i8zx1j
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-