General

  Target:  ImGL.exe
  Size:    17.3MB
  Sample:  230314-3eslmscc4w
  MD5:     8e29c41a5c3c262532ad1bf51eef3825
  SHA1:    4e866a3606e7162bc73c6d4704019471affc0146
  SHA256:  e236c116a40f04fd4e2a76bc3429032344619b5919c51138a1cc4372c8b383d7
  SHA512:  063b384af1cb53822337d3870a2c67ad376cde7d9748b7bbec123d8e0a2edf50035cd2f7e6a31924e5bf3d0ed07033c86ae4f588227149c39b71420ba8db7533
  SSDEEP:  393216:fL1oDJRpoiqIl4TA81XZVPtj1PLB3xTpyC53xVu7vHhqBa4Cs:fhQmUOM8RZdPPF3tPpHCpqBa4C
Malware Config
Targets

  Target:  ImGL.exe
  Size:    17.3MB
  Hashes:  same file as listed under General (MD5 8e29c41a5c3c262532ad1bf51eef3825)
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Loads dropped DLL
  - Obfuscated with Agile.Net obfuscator
    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  - Suspicious use of NtSetInformationThreadHideFromDebugger