General
-
Target
9KDUY_file.exe
-
Size
1.8MB
-
Sample
241121-jhsaha1akq
-
MD5
370fc731525b5f7087a7de06e2de56e6
-
SHA1
1064c9d0fbbc6a762cf6d3c0639908952af2d3a3
-
SHA256
278ccd58931cdc130118295753d00791559ff374bd6629158c5cb8f7c38097be
-
SHA512
9ab2e45aa23a0c95b5575cf042b21b45ed61b6854d7d41446942b80618bff9bbca8e1485f7cd94854dd2e8fea46183d317387a2e1965b0b524fab1e7f7c74100
-
SSDEEP
49152:yUlUeGUQ21+LY4MwNlgiE271J6lrPZZZtZ:hQ21+LY4VlgiUZZ
Malware Config
Targets
-
-
Target
9KDUY_file.exe
-
Size
1.8MB
-
MD5
370fc731525b5f7087a7de06e2de56e6
-
SHA1
1064c9d0fbbc6a762cf6d3c0639908952af2d3a3
-
SHA256
278ccd58931cdc130118295753d00791559ff374bd6629158c5cb8f7c38097be
-
SHA512
9ab2e45aa23a0c95b5575cf042b21b45ed61b6854d7d41446942b80618bff9bbca8e1485f7cd94854dd2e8fea46183d317387a2e1965b0b524fab1e7f7c74100
-
SSDEEP
49152:yUlUeGUQ21+LY4MwNlgiE271J6lrPZZZtZ:hQ21+LY4VlgiUZZ
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-