General
-
Target
514c4c2648c1001bc69e19b04bcc0734dd41cee0a0de985c1af8ef65ce2e9b3b
-
Size
6.1MB
-
Sample
240913-xar7essalk
-
MD5
499c7d69fbd740730441c1518cec7f81
-
SHA1
bea9a3f497f21e3fcf589bf9e3446a9d14a55484
-
SHA256
514c4c2648c1001bc69e19b04bcc0734dd41cee0a0de985c1af8ef65ce2e9b3b
-
SHA512
e3a2a650016d47e2325389343c8c44ea2536e7454e7152e8724b70db7481d9f69db8350679fc11f3718037af70ea23ab8f95f0ded57c15becbbf153ae273f9f2
-
SSDEEP
196608:+oGU7YdGiyuqu2mN1gXnv1ybPpE+hZUpkntF33:9E1t2Wi+hZUgtFn
Malware Config
Targets
-
-
Target
514c4c2648c1001bc69e19b04bcc0734dd41cee0a0de985c1af8ef65ce2e9b3b
-
Size
6.1MB
-
MD5
499c7d69fbd740730441c1518cec7f81
-
SHA1
bea9a3f497f21e3fcf589bf9e3446a9d14a55484
-
SHA256
514c4c2648c1001bc69e19b04bcc0734dd41cee0a0de985c1af8ef65ce2e9b3b
-
SHA512
e3a2a650016d47e2325389343c8c44ea2536e7454e7152e8724b70db7481d9f69db8350679fc11f3718037af70ea23ab8f95f0ded57c15becbbf153ae273f9f2
-
SSDEEP
196608:+oGU7YdGiyuqu2mN1gXnv1ybPpE+hZUpkntF33:9E1t2Wi+hZUgtFn
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-