General
- Target: 74fd38dd61ceddcb1f7d0c4a90053154dfbd1b15ce3e6fdccea23671f3e228bc
- Size: 245KB
- Sample: 230218-xxmv8adc26
- MD5: 8c3e351d278db4d6e187fe2977a0c7eb
- SHA1: 5a26f77085279fc4791e3f1af157386324961bf4
- SHA256: 74fd38dd61ceddcb1f7d0c4a90053154dfbd1b15ce3e6fdccea23671f3e228bc
- SHA512: 37395f9721921815586a7c1eb3c8508ae5852eb1a5b9c732dfe5fec3f4bcd7df8cdf69d3a8d78eb8907162839dd621c188ebc5bdd7ab11cf17e112afece2f992
- SSDEEP: 3072:tY21YzDL00HOnlBId81ePkmN9JFAi4VdbpEWcgKcb3vlcwWI8sdsi5VULVIZ:CEIDL00QBPelN9DAdVdtEWcjcbGUja
- Static task: static1
- Behavioral task: behavioral1
- Sample: 74fd38dd61ceddcb1f7d0c4a90053154dfbd1b15ce3e6fdccea23671f3e228bc.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Detects Smokeloader packer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext