General
-
Target
ccc5cd4bb1504a7ef498c484ace84a279b0d605e42ab46966e80cfd53edae3b4
-
Size
4.9MB
-
Sample
250328-xzyqhazxes
-
MD5
bb163d986cd3959b8f5c6b0d07444717
-
SHA1
73dda44bf4768430c1e2e9d1fb5579a05139772b
-
SHA256
ccc5cd4bb1504a7ef498c484ace84a279b0d605e42ab46966e80cfd53edae3b4
-
SHA512
e1a44308ca3d760179ef4481392851db1350b18e946acb13a8486519658b6269c7bf9a37251f8ab27967f2115de8281897153c56bd6cd53df12515d8eb87fbeb
-
SSDEEP
98304:Dn8EAutiHMB3sLzxhe4HsSBOnhZrGxiErOL/yWYhuJR:D890xBs3/wXrGX+nTR
Malware Config
Targets
-
-
Target
ccc5cd4bb1504a7ef498c484ace84a279b0d605e42ab46966e80cfd53edae3b4
-
Size
4.9MB
-
MD5
bb163d986cd3959b8f5c6b0d07444717
-
SHA1
73dda44bf4768430c1e2e9d1fb5579a05139772b
-
SHA256
ccc5cd4bb1504a7ef498c484ace84a279b0d605e42ab46966e80cfd53edae3b4
-
SHA512
e1a44308ca3d760179ef4481392851db1350b18e946acb13a8486519658b6269c7bf9a37251f8ab27967f2115de8281897153c56bd6cd53df12515d8eb87fbeb
-
SSDEEP
98304:Dn8EAutiHMB3sLzxhe4HsSBOnhZrGxiErOL/yWYhuJR:D890xBs3/wXrGX+nTR
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-