General
-
Target
e3dabc6bd77dbff728e862d3b490ab8c701bda01f63917fdb0bb81d52015926e
-
Size
190KB
-
Sample
230217-qr6yksff33
-
MD5
8e22a8aa6b231860c3470f8854d36837
-
SHA1
f3bff7ac5dbefb3fe71aff3272d4e716750edabf
-
SHA256
e3dabc6bd77dbff728e862d3b490ab8c701bda01f63917fdb0bb81d52015926e
-
SHA512
00332c0e77bf159327ade717d29a0eaba893f0e7ddd79d57eaffc0273746a8c1e4cacce90fade9c0c56df55e55ec2ee827f1e98c98c815109a9b341f8833be54
-
SSDEEP
3072:X37jeM6C5MeV/MIP8GT+lyQBlyyjwBYGLjNewJHGCpDI/+1/M:XLjxWeJ3UNljQ5BJGCpDD
Static task
static1
Malware Config
Targets
-
-
Target
e3dabc6bd77dbff728e862d3b490ab8c701bda01f63917fdb0bb81d52015926e
-
Size
190KB
-
MD5
8e22a8aa6b231860c3470f8854d36837
-
SHA1
f3bff7ac5dbefb3fe71aff3272d4e716750edabf
-
SHA256
e3dabc6bd77dbff728e862d3b490ab8c701bda01f63917fdb0bb81d52015926e
-
SHA512
00332c0e77bf159327ade717d29a0eaba893f0e7ddd79d57eaffc0273746a8c1e4cacce90fade9c0c56df55e55ec2ee827f1e98c98c815109a9b341f8833be54
-
SSDEEP
3072:X37jeM6C5MeV/MIP8GT+lyQBlyyjwBYGLjNewJHGCpDI/+1/M:XLjxWeJ3UNljQ5BJGCpDD
-
Detects Smokeloader packer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-