General

Target: eef4b9da665969c538717fecd8ae1c0ae2948e09ab86745f2b847aedf1b3fee8
Size: 184KB
Sample: 230217-rbrz6afg22
MD5: 349971557e88ced0c1c06877525daa27
SHA1: 88c74c2b2dc0226a6e2a8f734c85ded9e2af47f8
SHA256: eef4b9da665969c538717fecd8ae1c0ae2948e09ab86745f2b847aedf1b3fee8
SHA512: 87102f7d9d2cddf490e411ffbc00247cd0edae307b3bddbfb09f3a3fd4d93913b14376af642ee31ae1d80f2e5e61a677d572fc3d35233a9609f52ba5fd983bae
SSDEEP: 3072:x/BgPvTmL4bjsuPJqZGmtKG1g1OZ6PWvXI6b/VkTYY49ID9pCtDm:x/+NXsuhMREG+1VII6bVpcD9Q
Static task: static1
Behavioral task: behavioral1
Sample: eef4b9da665969c538717fecd8ae1c0ae2948e09ab86745f2b847aedf1b3fee8.exe
Resource: win10v2004-20221111-en
Malware Config

Targets

Target: eef4b9da665969c538717fecd8ae1c0ae2948e09ab86745f2b847aedf1b3fee8
Size: 184KB
MD5: 349971557e88ced0c1c06877525daa27
SHA1: 88c74c2b2dc0226a6e2a8f734c85ded9e2af47f8
SHA256: eef4b9da665969c538717fecd8ae1c0ae2948e09ab86745f2b847aedf1b3fee8
SHA512: 87102f7d9d2cddf490e411ffbc00247cd0edae307b3bddbfb09f3a3fd4d93913b14376af642ee31ae1d80f2e5e61a677d572fc3d35233a9609f52ba5fd983bae
SSDEEP: 3072:x/BgPvTmL4bjsuPJqZGmtKG1g1OZ6PWvXI6b/VkTYY49ID9pCtDm:x/+NXsuhMREG+1VII6bVpcD9Q
- Detects Smokeloader packer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
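The behaviours listed above are the names of the sandbox signatures that fired; the report carries no signature logic itself. The block below is an added example, not code from the report or from the sandbox, that reproduces simplified versions of four of those signatures (the BIOS registry check, the VirtualBox ACPI check, the Run key persistence and the SetThreadContext pattern) as rules run over a constructed API-call trace. The trace records, the registry paths and value names matched, the rule names and the CreateProcess (suspended) / SetThreadContext / ResumeThread ordering used as the heuristic for the last rule are assumptions for illustration, not the sandbox's own definitions.

```python
"""
Added example: simplified behavioural rules in the spirit of the report's
signatures, applied to a constructed per-process API-call trace.  Nothing
here is the sandbox's actual signature code; paths, value names and the
trace itself are assumptions for illustration.
"""
import re

CREATE_SUSPENDED = 0x00000004  # CreateProcess creation flag

# Constructed trace (assumption): one record per monitored API call.
SAMPLE_TRACE = [
    {"pid": 1234, "api": "RegOpenKeyExW", "path": r"HKLM\HARDWARE\DESCRIPTION\System"},
    {"pid": 1234, "api": "RegQueryValueExW", "path": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "SystemBiosVersion"},
    {"pid": 1234, "api": "RegQueryValueExW", "path": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "VideoBiosVersion"},
    {"pid": 1234, "api": "RegOpenKeyExW", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"pid": 1234, "api": "RegOpenKeyExW", "path": r"HKLM\HARDWARE\ACPI\FADT\VBOX__"},
    {"pid": 1234, "api": "CreateProcessW", "path": r"C:\Windows\explorer.exe", "flags": CREATE_SUSPENDED},
    {"pid": 1234, "api": "SetThreadContext", "target_pid": 5678},
    {"pid": 1234, "api": "ResumeThread", "target_pid": 5678},
    {"pid": 5678, "api": "RegSetValueExW",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\user\AppData\Roaming\updater.exe"},
]

# Value names under HKLM\HARDWARE\DESCRIPTION\System that expose the BIOS
# strings sandboxes and hypervisors are commonly fingerprinted by.
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion", "videobiosdate"}
BIOS_KEY = r"hklm\hardware\description\system"

# VirtualBox publishes ACPI tables whose OEM id is "VBOX__".
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)

# Per-user or machine-wide autostart keys.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)


def rule_checks_bios(trace):
    """Registry reads of BIOS version/date values."""
    return [e for e in trace
            if e["api"].startswith("RegQueryValueEx")
            and e.get("path", "").lower() == BIOS_KEY
            and e.get("value", "").lower() in BIOS_VALUES]


def rule_vbox_acpi(trace):
    """Opens of VirtualBox-specific ACPI table keys."""
    return [e for e in trace
            if e["api"].startswith("RegOpenKeyEx") and VBOX_ACPI.match(e.get("path", ""))]


def rule_run_key(trace):
    """Writes (not reads) of a value under a Run/RunOnce key."""
    return [e for e in trace
            if e["api"].startswith("RegSetValueEx") and RUN_KEY.search(e.get("path", ""))]


def rule_setthreadcontext(trace):
    """Heuristic: the same pid creates a suspended process, rewrites a thread
    context and then resumes it; this ordering is the assumption used here."""
    hits, stage = [], {}
    for e in trace:
        pid = e["pid"]
        if e["api"].startswith("CreateProcess") and e.get("flags", 0) & CREATE_SUSPENDED:
            stage[pid] = 1
        elif e["api"] == "SetThreadContext" and stage.get(pid) == 1:
            stage[pid] = 2
        elif e["api"] == "ResumeThread" and stage.get(pid) == 2:
            hits.append(e)
            stage[pid] = 0
    return hits


RULES = {
    "Checks BIOS information in registry": rule_checks_bios,
    "Identifies VirtualBox via ACPI registry values": rule_vbox_acpi,
    "Adds Run key to start application": rule_run_key,
    "Suspicious use of SetThreadContext": rule_setthreadcontext,
}


def run_rules(trace):
    """Return {rule name: matching records} for every rule that fired."""
    fired = {}
    for name, fn in RULES.items():
        hits = fn(trace)
        if hits:
            fired[name] = hits
    return fired


if __name__ == "__main__":
    for name, hits in run_rules(SAMPLE_TRACE).items():
        print(f"{name}: {len(hits)} record(s)")
```

The Run key rule deliberately matches only RegSetValueEx, since explorer and many installers legitimately read that key; the BIOS rule is scoped to the few version/date values rather than any read under HKLM\HARDWARE, which would be far too noisy on a real host.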