General
-
Target
5bae60659372829f.exe
-
Size
6.4MB
-
Sample
240629-yep4asvajg
-
MD5
1a7582b3efad6b7b50f9d037fde75781
-
SHA1
63c408764270eb7737dd06958cc1ae83e39fdcdb
-
SHA256
4b06593b7ba440382b7fac25fa0c66bd518e200cb0ecccb9c53344ecef765589
-
SHA512
a2ef16217af902f478913ee3468751c5e118ceb159f66fa56a57117db63c92a8c9253e219247861d7c90886875cf31f719e06745cd9ba96bbb252e7b32159ab7
-
SSDEEP
98304:ilvNpaygA1E51VrXhJclPTqEbFJA2dHXLHTZ9WxFMZ5wwLB8lt2lZfSnKWUi1if5:ipgT1VrXh0TbF7zZQSww18ml5SIVR
Malware Config
Targets
-
-
Target
5bae60659372829f.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-