General
- Target: RD-CBV-IT8-L_2022-08-02_16 13 38.zip
- Size: 5.5MB
- Sample: 220802-z95b5sdadq
- MD5: c40bc42ce2ce3032d3862075a3bde94c
- SHA1: 672c1f0e6bb38ed22bd746cdf2ba24374007ba73
- SHA256: 106d25bb8c0319a57d237a141eced110b138cf8d62b07d3912bd5d38765dfb52
- SHA512: e4dfd8bfda7ef679f826fe6998eb02b87d6dc0249eda53d61ec99b58e4ba4d82a22368d5a40898eb0a3c1250e832264a4044187655cef405d49dc1be9b73ba7f
Behavioral task
- behavioral1
- Sample: Device/HarddiskVolume3/Users/admin/Downloads/FRPFILE AIO V2.6/FRPFILE AIO.exe
- Resource: win7-20220718-en
Malware Config

Targets
- Target: Device/HarddiskVolume3/Users/admin/Downloads/FRPFILE AIO V2.6/FRPFILE AIO.exe
- Size: 5.7MB
- MD5: 06c1fc03d8fcb6f2fa379e11137d39bd
- SHA1: d27416033fb3ad04fd26b0bf2676b75039595a02
- SHA256: 49081ef5b2d0f4c8f8eb944396828d4f504a213a985b9d51ea0e183d5bfde2ce
- SHA512: f7bc55d8d18218277b5fa3a7ef26f622d805be1269ffe862301fdeba947dd031c16f21f7f0fe3f84a2400a69d64debd587e13352dfd38bbe47e23bf910699988
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger