General
-
Target
a36a924598b26b31b64fc3a90c78649931d8f39143442a8b9ce85ab330fe6079
-
Size
6.3MB
-
Sample
240809-fl8vwa1arg
-
MD5
24074b5007fce1c4b6c32385caf82f40
-
SHA1
6519930ca21bc3e42e6928cfe830587d9431cfbd
-
SHA256
a36a924598b26b31b64fc3a90c78649931d8f39143442a8b9ce85ab330fe6079
-
SHA512
17f71759e43c6cb84ca8f022a1a2b4670d118a2b6015d940576bcb95b02db1a571291a1de9cc886ce501f3f9daeae4b868e3a265bcc2c7ac2e6aa1dbe6b5d1b3
-
SSDEEP
196608:rgOtE4jsKpiyQp1fQOPzvvLHR95hA4lKUHwRn1QsTva:/EUPg1YOPzv7RbhAtUITy
Malware Config
Targets
-
-
Target
a36a924598b26b31b64fc3a90c78649931d8f39143442a8b9ce85ab330fe6079
-
Size
6.3MB
-
MD5
24074b5007fce1c4b6c32385caf82f40
-
SHA1
6519930ca21bc3e42e6928cfe830587d9431cfbd
-
SHA256
a36a924598b26b31b64fc3a90c78649931d8f39143442a8b9ce85ab330fe6079
-
SHA512
17f71759e43c6cb84ca8f022a1a2b4670d118a2b6015d940576bcb95b02db1a571291a1de9cc886ce501f3f9daeae4b868e3a265bcc2c7ac2e6aa1dbe6b5d1b3
-
SSDEEP
196608:rgOtE4jsKpiyQp1fQOPzvvLHR95hA4lKUHwRn1QsTva:/EUPg1YOPzv7RbhAtUITy
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-