General
-
Target
f9386d356fc74badfbeb1205c785fe134bed7729196d71cb90b14ec1bc89d105
-
Size
2.4MB
-
Sample
241120-ej4mps1emr
-
MD5
ecad90c9a6a408000099513d0ff52a58
-
SHA1
cad4ffafa7be8f49b8bb89f03f8ed3a502c5ecb0
-
SHA256
f9386d356fc74badfbeb1205c785fe134bed7729196d71cb90b14ec1bc89d105
-
SHA512
f7aae23e89b43d0042fcc3de707c9d5ad7b965776835e6af2d2f9d64fc2b9ecea37f1c6874efc3d0637166a76f98cd6ab2f8beb13157d2517b30869500413ca5
-
SSDEEP
49152:O7t8Zga0zRQucgQ1Ey1wHaTpYa1aywR2/GbRFKT7+mIUfmvx+KQU:OMzgQCymHoXHGRFa7CMU
Static task
static1
Behavioral task
behavioral1
Sample
f9386d356fc74badfbeb1205c785fe134bed7729196d71cb90b14ec1bc89d105.dll
Resource
win7-20240903-en
Malware Config
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-