General
-
Target
fb72ba60fd9ce836cbff260d59fee21954405b7dc435d0fa70ff881ca2977cd8
-
Size
6.3MB
-
Sample
240906-lgflesygpf
-
MD5
c8b7b8292e9244b78e9ae1174ca53cc8
-
SHA1
d032c40418ea83b82515a3275cdd406b5bc39580
-
SHA256
fb72ba60fd9ce836cbff260d59fee21954405b7dc435d0fa70ff881ca2977cd8
-
SHA512
7b4eb36b7236b1f417edf73fabb7a35d2edf1a77e6ef6ce5bcdcb17990d7c9f2b468d76d4a5ceeb7767a77733814203706b619fb4b0d00d7fe633d2352602f70
-
SSDEEP
196608:fhZyR0pHERvR0EMyENY3KW1bMpkSXCkEH82U:fKR0VEtR0EzKl8q2U
Malware Config
Targets
-
-
Target
fb72ba60fd9ce836cbff260d59fee21954405b7dc435d0fa70ff881ca2977cd8
-
Size
6.3MB
-
MD5
c8b7b8292e9244b78e9ae1174ca53cc8
-
SHA1
d032c40418ea83b82515a3275cdd406b5bc39580
-
SHA256
fb72ba60fd9ce836cbff260d59fee21954405b7dc435d0fa70ff881ca2977cd8
-
SHA512
7b4eb36b7236b1f417edf73fabb7a35d2edf1a77e6ef6ce5bcdcb17990d7c9f2b468d76d4a5ceeb7767a77733814203706b619fb4b0d00d7fe633d2352602f70
-
SSDEEP
196608:fhZyR0pHERvR0EMyENY3KW1bMpkSXCkEH82U:fKR0VEtR0EzKl8q2U
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-