General
-
Target
859942e34862a1131e63e36527fc4d7f52f35f320a3070cf16b6718be72e7a54
-
Size
12.5MB
-
Sample
240612-ftprza1gqj
-
MD5
0d8d5a135b8a2c12a460153932e0db94
-
SHA1
c58e1cb0eef586fc9fe076ad8b102b3724390425
-
SHA256
859942e34862a1131e63e36527fc4d7f52f35f320a3070cf16b6718be72e7a54
-
SHA512
91d03d1f46050d86842a75f6baf4e80b98732a6d21d4c136d55fc0a7cf5cedd47a1d01fa7c1ca465354d8e7a48294e279776db3a4ff8c7a264a32a5170a108c8
-
SSDEEP
393216:/KykwrKLFLc6s5XB8ZxxbIZnlvD9t6xpeadML:/+dBLc6s1KxxGlzapeuU
Malware Config
Targets
-
-
Target
859942e34862a1131e63e36527fc4d7f52f35f320a3070cf16b6718be72e7a54
-
Size
12.5MB
-
MD5
0d8d5a135b8a2c12a460153932e0db94
-
SHA1
c58e1cb0eef586fc9fe076ad8b102b3724390425
-
SHA256
859942e34862a1131e63e36527fc4d7f52f35f320a3070cf16b6718be72e7a54
-
SHA512
91d03d1f46050d86842a75f6baf4e80b98732a6d21d4c136d55fc0a7cf5cedd47a1d01fa7c1ca465354d8e7a48294e279776db3a4ff8c7a264a32a5170a108c8
-
SSDEEP
393216:/KykwrKLFLc6s5XB8ZxxbIZnlvD9t6xpeadML:/+dBLc6s1KxxGlzapeuU
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-