General
-
Target
bobux2.0.exe
-
Size
5.4MB
-
Sample
221006-gqkjhsgdg6
-
MD5
0f4e55aba3f0e3c761c487847f703d5a
-
SHA1
13ff1dfafd058c67cd0ce2df49b993298fd5dac2
-
SHA256
16a9778666f1bdb44777948eca42408df9718aaad2869753990835031578e736
-
SHA512
d9df7064c95d3f725fe707faaa89c3c9886698a4f3808c116cfb98eb138ca71de40e20fbc65f78cfea2e3c195a1b4a2f7cc6a6d4624802b71fc42531ee0fa76c
-
SSDEEP
98304:NxV6zRhld9E1BlYb9uto2jgrGeweoSYp2prwvLWaNFXvow17IugzlHbGSZBN7fZm:vV8ld98BlON2jnbNswvBXvowJgzl7GSO
Behavioral task
behavioral1
Sample
bobux2.0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bobux2.0.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
bobux2.0.exe
-
Size
5.4MB
-
MD5
0f4e55aba3f0e3c761c487847f703d5a
-
SHA1
13ff1dfafd058c67cd0ce2df49b993298fd5dac2
-
SHA256
16a9778666f1bdb44777948eca42408df9718aaad2869753990835031578e736
-
SHA512
d9df7064c95d3f725fe707faaa89c3c9886698a4f3808c116cfb98eb138ca71de40e20fbc65f78cfea2e3c195a1b4a2f7cc6a6d4624802b71fc42531ee0fa76c
-
SSDEEP
98304:NxV6zRhld9E1BlYb9uto2jgrGeweoSYp2prwvLWaNFXvow17IugzlHbGSZBN7fZm:vV8ld98BlON2jnbNswvBXvowJgzl7GSO
Score10/10-
Modifies WinLogon for persistence
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-