General

Target: dedeceb8284ebc184f1a02840c36140986defef77be965f8e5fd78b8e47a25a5
Size: 6MB
Sample: 230318-hzsf6abe97
MD5: 9468ee14458c641df58cc7cee92e7719
SHA1: d2586659aebfbe2d873bba54ba29bd7920c72994
SHA256: dedeceb8284ebc184f1a02840c36140986defef77be965f8e5fd78b8e47a25a5
SHA512: bab5a67ffe9b133f0f84c1082193ada89873463d6aac5f001d303edfb0c58a4cf9207c24e8594ac18a843003d49164ded57413b2acc5640192f651650f7d3ccf
SSDEEP: 196608:WDlnTW4qWp/q4O6bTLICybW/RiuDIuUf7EhLTrF6f6:2dTFqWpd7LXJzDHU/6
Malware Config
Targets

Target: dedeceb8284ebc184f1a02840c36140986defef77be965f8e5fd78b8e47a25a5
- Identifies VirtualBox via ACPI registry values (likely anti-VM). Windows mirrors the guest's ACPI tables under HKLM\HARDWARE\ACPI, and on VirtualBox the table keys carry the hypervisor's OEM ID, so an unprivileged registry read is enough to recognise the VM.
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments: the firmware vendor and version strings under HKLM\HARDWARE\DESCRIPTION\System name the hypervisor on most default VM images.
- Loads dropped DLL. The sample loads a DLL that it wrote to disk itself during the run.
- Obfuscated with Agile.Net obfuscator. Detects use of the Agile.Net commercial obfuscator (so the binary is a .NET assembly), which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging trick.
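The signatures above describe behaviour, not the exact API calls behind it. The following script, an added example that is not part of the report or of the sandbox's own tooling, re-implements four of them over an API trace so an analyst can see what evidence each one needs: VirtualBox ACPI keys, BIOS value reads, NtSetInformationThread with the ThreadHideFromDebugger class, and a DLL load whose path was written earlier in the same trace. The trace format (one tab-separated call per line) and the sample trace are constructed for this example; the registry paths are the VirtualBox and BIOS locations that anti-VM code commonly reads, not keys taken from the report.

```python
"""Re-implement the report's behavioural signatures over an API trace.

Added example, not part of the sandbox report. Assumed (constructed) trace
format: one API call per line, tab-separated as  <api>\t<arg1>[\t<arg2>].
"""
from collections import defaultdict

# THREADINFOCLASS value passed to NtSetInformationThread to stop the thread
# from delivering debug events to an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# VirtualBox places its OEM ID "VBOX__" in the guest's ACPI tables, which
# Windows mirrors into the registry under HKLM\HARDWARE\ACPI (lower-cased here).
VBOX_ACPI_KEYS = {
    r"hklm\hardware\acpi\dsdt\vbox__",
    r"hklm\hardware\acpi\fadt\vbox__",
    r"hklm\hardware\acpi\rsdt\vbox__",
}

# (key, value) pairs whose contents name the firmware vendor / hypervisor.
BIOS_VALUES = {
    (r"hklm\hardware\description\system", "systembiosversion"),
    (r"hklm\hardware\description\system", "videobiosversion"),
    (r"hklm\hardware\description\system\bios", "systemmanufacturer"),
    (r"hklm\hardware\description\system\bios", "systemproductname"),
}

REG_OPEN = {"regopenkeyexw", "regopenkeyexa", "ntopenkey", "ntopenkeyex"}
REG_QUERY = {"regqueryvalueexw", "regqueryvalueexa", "ntqueryvaluekey"}
FILE_WRITE = {"ntwritefile", "writefile"}
DLL_LOAD = {"loadlibraryw", "loadlibrarya", "loadlibraryexw", "loadlibraryexa", "ldrloaddll"}


def _norm_path(path: str) -> str:
    """Case-fold and strip a trailing backslash so equal paths compare equal."""
    return path.strip().rstrip("\\").lower()


def _parse_int(text: str):
    """Accept '0x11' or '17'; return None for anything that is not a number."""
    try:
        return int(text, 0)
    except ValueError:
        return None


def scan_trace(lines):
    """Return {signature_name: [evidence lines]} for the report's signatures.

    The scan is stateful: a DLL load only counts as "loads dropped DLL" when
    the same path was written earlier in the trace by the monitored process.
    """
    hits = defaultdict(list)
    dropped = set()
    for raw in lines:
        raw = raw.rstrip("\n")
        if not raw.strip():
            continue
        fields = raw.split("\t")
        api = fields[0].strip().lower()
        args = [f.strip() for f in fields[1:]]

        if api in REG_OPEN | REG_QUERY and args:
            key = _norm_path(args[0])
            if key in VBOX_ACPI_KEYS:
                hits["vbox_acpi_registry"].append(raw)
            if api in REG_QUERY and len(args) >= 2 and (key, args[1].lower()) in BIOS_VALUES:
                hits["bios_info_registry"].append(raw)
        elif api == "ntsetinformationthread" and args:
            if _parse_int(args[0]) == THREAD_HIDE_FROM_DEBUGGER:
                hits["hide_from_debugger"].append(raw)
        elif api in FILE_WRITE and args:
            dropped.add(_norm_path(args[0]))   # remember what the process wrote
        elif api in DLL_LOAD and args:
            if _norm_path(args[0]) in dropped:
                hits["loads_dropped_dll"].append(raw)
    return dict(hits)


# Constructed trace for demonstration; it is not output from the sandbox run.
SAMPLE_TRACE = [
    "RegOpenKeyExW\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "RegOpenKeyExW\tHKLM\\HARDWARE\\ACPI\\FADT\\VBOX__",
    "RegQueryValueExW\tHKLM\\HARDWARE\\DESCRIPTION\\System\tSystemBiosVersion",
    "RegQueryValueExW\tHKLM\\HARDWARE\\DESCRIPTION\\System\tVideoBiosVersion",
    "RegQueryValueExW\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\tProductName",
    "NtSetInformationThread\t0x11",
    "NtSetInformationThread\t0x9",
    "WriteFile\tC:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "LoadLibraryW\tC:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "LoadLibraryW\tC:\\Windows\\System32\\kernel32.dll",
]

if __name__ == "__main__":
    for name, evidence in sorted(scan_trace(SAMPLE_TRACE).items()):
        print(f"{name}: {len(evidence)} hit(s)")
        for line in evidence:
            print("   ", line.replace("\t", "  "))
```

The ProductName read, the NtSetInformationThread call with a different class, and the load of kernel32.dll are deliberately present so the negative cases are visible: a BIOS signature that fires on any HKLM read, or a "dropped DLL" signature that fires on every LoadLibrary, would be useless against real traces.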