General
-
Target
2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
-
Size
7.0MB
-
Sample
230305-w7wqfahb27
-
MD5
96d50809dd1b8abd6aed2a41f8e5e71f
-
SHA1
24de43aa8e69ce52bef3c397b2b7b345da54577b
-
SHA256
2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
-
SHA512
0f6ba2334c811ced8662faac734b4783f018ade96c1fa65311b35247c371a6a917b38db1b4038c946b3374dfee0f819057d50b7d9eb8583d0e3a6bbd67565e67
-
SSDEEP
196608:uLvYTFyzb9W4lg9VmXQxjDyFnPFrGPW8xqYU:uLvYAb8Ws6Q4tSGYU
Malware Config
Targets
-
-
Target
2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
-
Size
7.0MB
-
MD5
96d50809dd1b8abd6aed2a41f8e5e71f
-
SHA1
24de43aa8e69ce52bef3c397b2b7b345da54577b
-
SHA256
2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
-
SHA512
0f6ba2334c811ced8662faac734b4783f018ade96c1fa65311b35247c371a6a917b38db1b4038c946b3374dfee0f819057d50b7d9eb8583d0e3a6bbd67565e67
-
SSDEEP
196608:uLvYTFyzb9W4lg9VmXQxjDyFnPFrGPW8xqYU:uLvYAb8Ws6Q4tSGYU
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-