General
Target: af38c72543a9c259788f05857235dad3dcb18c527e1093188638ee2aeb188900
Size: 5.9MB
Sample: 221130-st2sraca38
MD5: 5579238cd6518660b2e680ca079425d1
SHA1: 65f113aa7bf1365be9e27b90547486fa9841f0c1
SHA256: af38c72543a9c259788f05857235dad3dcb18c527e1093188638ee2aeb188900
SHA512: 6fcb8d01b1f65b04a34e74a1623601c8a23d8fe8a9325989db8e2ddf845e7ac36d11aaf904d3d4f5a574e1739f49db4eb1a90a5433e0c3a908cda1bb44a85288
SSDEEP: 98304:Q6SdxV6zRhld9E1BlYb9uto2jgrGeweoSYp2prwvLWaNFXvow17IugzlHbGSZBN4:IV8ld98BlON2jnbNswvBXvowJgzl7GSO
Behavioral task
behavioral1
Sample
af38c72543a9c259788f05857235dad3dcb18c527e1093188638ee2aeb188900.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
af38c72543a9c259788f05857235dad3dcb18c527e1093188638ee2aeb188900
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-