General
-
Target
bfc84cd03846b110793635210d9d98880311cd6090cc13331caee199d0c0d9cc
-
Size
5.3MB
-
Sample
240526-qldpvagg76
-
MD5
3c8ff3a5f2fe2ed835912880c2804387
-
SHA1
61d79555462661e74c278db5edb9bbd55ff1fe0d
-
SHA256
bfc84cd03846b110793635210d9d98880311cd6090cc13331caee199d0c0d9cc
-
SHA512
3ae9950dff52330be11878debb6f5f87c1888a536144023029d9e433ab6c8d8914f2c4889df71e1b2de60840242687a47079edb7e44ff12deeec1e303d79b1c4
-
SSDEEP
98304:1iuobqH3OBxmpnHSW1cpp4oXgxWbLo/ivS/FexAl/T+ZYpIpoYrE:1ixyxNSu2yoXFpvSaY+pJ
Malware Config
Targets
-
-
Target
bfc84cd03846b110793635210d9d98880311cd6090cc13331caee199d0c0d9cc
-
Size
5.3MB
-
MD5
3c8ff3a5f2fe2ed835912880c2804387
-
SHA1
61d79555462661e74c278db5edb9bbd55ff1fe0d
-
SHA256
bfc84cd03846b110793635210d9d98880311cd6090cc13331caee199d0c0d9cc
-
SHA512
3ae9950dff52330be11878debb6f5f87c1888a536144023029d9e433ab6c8d8914f2c4889df71e1b2de60840242687a47079edb7e44ff12deeec1e303d79b1c4
-
SSDEEP
98304:1iuobqH3OBxmpnHSW1cpp4oXgxWbLo/ivS/FexAl/T+ZYpIpoYrE:1ixyxNSu2yoXFpvSaY+pJ
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-