General
-
Target
391d28c0a28b9e19cfb96abc7e7010cd1882131c7312ca3ea4402a474445b63dN.exe
-
Size
3.0MB
-
Sample
241119-rm9z4sxaqg
-
MD5
072a6644cf8fb78af3ad56974e090780
-
SHA1
4bf99d6c5856810f711a84b1abbad7ccfc5d733e
-
SHA256
391d28c0a28b9e19cfb96abc7e7010cd1882131c7312ca3ea4402a474445b63d
-
SHA512
7a8cdc3a313120586436927912dd2cf7503005fcb5215d1292ad97a27cd6bc2f23588518e960419de3ee687f12f4ae5deca8106c400a166fb2d638fee406bdcb
-
SSDEEP
49152:+AvehRd+AJKxInWQ5t4N0GTwI8xOs3W+MpRaIvV:+AGd+AJKxInWU40nxOsm+MpQy
Static task
static1
Behavioral task
behavioral1
Sample
391d28c0a28b9e19cfb96abc7e7010cd1882131c7312ca3ea4402a474445b63dN.exe
Resource
win7-20241023-en
Malware Config
Targets
-
Target
391d28c0a28b9e19cfb96abc7e7010cd1882131c7312ca3ea4402a474445b63dN.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-