General
Target: djwgadawad.exe
Size: 2.9MB
Sample: 240802-fg9lls1glf
MD5: 6002d95a0c4d6e5f8c82ee52f26017e1
SHA1: 851481d7c881e5d365fd6c291608124f0ac6ed49
SHA256: 6f2876181fbca34e29402da5e3ba230e6c0ff3271fa6d44d8ced7cd08f58cef6
SHA512: ec9f330a04e70a30343a516ecb0d0d5b0bfc148e22eba2f0116fa4a99b28d9d5b6879b524dd68026d05729dfe89a716e17e82695cb3ade3bd54afaf188437afa
SSDEEP: 49152:ouQeVw9ahqGNO/TVDr+nwiowsyvMUIwKyXuuliV49l5SJb5BZCJ0lBh:ofe60qcI5awy55+us4BSPBZw0J
Behavioral task: behavioral1
Sample: djwgadawad.exe
Resource: win7-20240704-en
Malware Config
Targets
-
-
Target
djwgadawad.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-