General
-
Target
nightware_pasted.zip
-
Size
112.0MB
-
Sample
240611-p4sfaaxejf
-
MD5
ab85ef6ea98aedff34941afe2adb70c6
-
SHA1
44f40c22f041a2ad0e8f090e49244469fec408f0
-
SHA256
12c03ef329d173728898959b9f406d2fcecec97b21489ab1f8f9acca5066b036
-
SHA512
486f8c3c85806e81f874759ef50b588267cbb961fac6e537314da3cc2a1fb3c82a5322145049d623e757c0c979d17cdd6bee9cfc64feede69af3a323c820d51a
-
SSDEEP
3145728:mbcMttOf6aZRhMO0gHU1pD0ozalllpMICKTEa83os5aPAAhY2an:WccOfRhNA1pIoyCaEdMPAkK
Malware Config
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-