General
-
Target
2da4e8e65661be6081614d8ad9ff5d9a520e9a105eed732abc8508849a692326
-
Size
2.9MB
-
Sample
240625-nkffyawhqb
-
MD5
9a0f4bca4bf88c2cc797125785c63e35
-
SHA1
9d89a907d61189bfc2dfc15804bb9b90e0fae5b8
-
SHA256
2da4e8e65661be6081614d8ad9ff5d9a520e9a105eed732abc8508849a692326
-
SHA512
cc3f5f98d6a2cc5c940f3ef6ae5bc00b5ae7b6a6ffa39dad658c6ccd13a1c291ac84ed1e1f177605da4e2b5ff3178ec127fc04854df16afdc3ab2cc96f1fd920
-
SSDEEP
49152:TVNIbFhQ1+uuMQxX0Kk2vyg5qB++UY1JtDGeE6Futkw7mTkOze:obU+bkg7u+AzT+mTkOz
Malware Config
Targets
-
-
Target
2da4e8e65661be6081614d8ad9ff5d9a520e9a105eed732abc8508849a692326
-
Size
2.9MB
-
MD5
9a0f4bca4bf88c2cc797125785c63e35
-
SHA1
9d89a907d61189bfc2dfc15804bb9b90e0fae5b8
-
SHA256
2da4e8e65661be6081614d8ad9ff5d9a520e9a105eed732abc8508849a692326
-
SHA512
cc3f5f98d6a2cc5c940f3ef6ae5bc00b5ae7b6a6ffa39dad658c6ccd13a1c291ac84ed1e1f177605da4e2b5ff3178ec127fc04854df16afdc3ab2cc96f1fd920
-
SSDEEP
49152:TVNIbFhQ1+uuMQxX0Kk2vyg5qB++UY1JtDGeE6Futkw7mTkOze:obU+bkg7u+AzT+mTkOz
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-