General
-
Target
63ab6e043ff396fbb0f96ddcd935d13f06741602ac1e0c6731a305655fb0d7fd
-
Size
4.6MB
-
Sample
240909-yf2hqawfrj
-
MD5
ebe94c92c43ada36c87e0ce7b10fccf0
-
SHA1
124b3858e643e78141520bf15a4986270f3c23d1
-
SHA256
63ab6e043ff396fbb0f96ddcd935d13f06741602ac1e0c6731a305655fb0d7fd
-
SHA512
cbf8f593473cd9a42fd85ece73bcc48a7206a235aafc6c2966b3305ab6588c40eac845f18a1945a3250a32c67854b6d7fa8e09126e5c9c0760db3bb4e0071cc3
-
SSDEEP
98304:UoR05wZtvMvEPaopNORAA0oMHO02yEWuWW0Pu8xxb8+G/NF:UA05wZtkvuax+RHsyaWW0PuQLeNF
Malware Config
Targets
-
-
Target
63ab6e043ff396fbb0f96ddcd935d13f06741602ac1e0c6731a305655fb0d7fd
-
Size
4.6MB
-
MD5
ebe94c92c43ada36c87e0ce7b10fccf0
-
SHA1
124b3858e643e78141520bf15a4986270f3c23d1
-
SHA256
63ab6e043ff396fbb0f96ddcd935d13f06741602ac1e0c6731a305655fb0d7fd
-
SHA512
cbf8f593473cd9a42fd85ece73bcc48a7206a235aafc6c2966b3305ab6588c40eac845f18a1945a3250a32c67854b6d7fa8e09126e5c9c0760db3bb4e0071cc3
-
SSDEEP
98304:UoR05wZtvMvEPaopNORAA0oMHO02yEWuWW0Pu8xxb8+G/NF:UA05wZtkvuax+RHsyaWW0PuQLeNF
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-