General
Target: Loader.exe
Size: 13.7MB
Sample: 240704-gqxtvazelf
MD5: 2073aa1f378b12db32b76e2cf3dccdbb
SHA1: a42e394f0d618cb07205289b9e76a086f2bfe6b4
SHA256: 9b24497cf11577a9565ec5380113680bdf1e5b6db07c903f7295e052d8416c56
SHA512: 929adb48929e0c65bbd4ac425646aff268614913399a32e690140a7290cdea26048ae08866cbb07c852903f9695754694f4374a88f54d287c10e87a8aef4989e
SSDEEP: 196608:2pe5+WQU0vcak0rDgvq2Ktxle6D0sMR/nH1TBGmPkkBeQg/nTTwriVKVa:2peAZNDgvq2KtxlrDMdVTg/tnTsVk

Static task
static1

Behavioral task
behavioral1
Sample: Loader.exe
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: Loader.exe
Resource: win10v2004-20240508-en
Malware Config

Targets
Target: Loader.exe
Size: 13.7MB
MD5: 2073aa1f378b12db32b76e2cf3dccdbb
SHA1: a42e394f0d618cb07205289b9e76a086f2bfe6b4
SHA256: 9b24497cf11577a9565ec5380113680bdf1e5b6db07c903f7295e052d8416c56
SHA512: 929adb48929e0c65bbd4ac425646aff268614913399a32e690140a7290cdea26048ae08866cbb07c852903f9695754694f4374a88f54d287c10e87a8aef4989e
SSDEEP: 196608:2pe5+WQU0vcak0rDgvq2Ktxle6D0sMR/nH1TBGmPkkBeQg/nTTwriVKVa:2peAZNDgvq2KtxlrDMdVTg/tnTsVk
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger