General
Target: 2cfa7056c07d2e21ea62a580a19c0ccbec701c3e716ce9eab960f7ca79d2929e
Size: 3.5MB
Sample: 240528-efsq2aeh96
MD5: a19221d3c4f1178e93ba3856e24e9ad6
SHA1: 0fce6bf45f06c911263e7e0d97102be5d9958d1a
SHA256: 2cfa7056c07d2e21ea62a580a19c0ccbec701c3e716ce9eab960f7ca79d2929e
SHA512: c551886a113ca5d76f296012c93ad99f08462472743453724a8eb3515223876dda0d0ceb9f6b754df16d9ed521f199c706ca1e065746fd4e278814b833aef7f4
SSDEEP: 49152:r9aoy7pKdwLXtifZzXa/lQwoqyZheavSAj8rRZ9yM0lypVR:r8oy7pKdyifZDa/2hAAjGBp0KVR
Static task: static1
Behavioral task: behavioral1
  Sample: 2cfa7056c07d2e21ea62a580a19c0ccbec701c3e716ce9eab960f7ca79d2929e.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2cfa7056c07d2e21ea62a580a19c0ccbec701c3e716ce9eab960f7ca79d2929e.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 2cfa7056c07d2e21ea62a580a19c0ccbec701c3e716ce9eab960f7ca79d2929e (Size 3.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger