General
- Target: luLA67.exe
- Size: 21.4MB
- Sample: 240617-ylxfyswcnj
- MD5: c3e6b454175b34a1029bc2baf954229f
- SHA1: f3d96667359681efef4417ae28200681777faa36
- SHA256: 53cb0631e8ab9afb1098fec83d46fd63b535013d64be8b53481432fe3af00772
- SHA512: 3ace265d05911ad374ce241f830a789e975e1721da32091925c53ad9d914cb63c37f659ddda5f0de24faadd5317db4bbad6c557966b9b2d5961e91491130d1de
- SSDEEP: 393216:gwLjQQK4a0g8hnNIdQc4kNbXaB1FfZM7uqMRzReObOpD/ECkfWfTp8QAZOoRh3cy:gg8B0XhNiQe5GWMRzReeOprAubp8F3n1
Malware Config
Targets
- Target: luLA67.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger