General
Target: Iridium (1).rar
Size: 21.2MB
Sample: 230319-3ka9jscg3y
MD5: ef68de73baa7096f3f81d1f79432d596
SHA1: f06766cf513906141d3897e2d6a76ce0db152f12
SHA256: e656431198544bfd87e1419866999321dbf84b40a5e8cad5ad498d3b2a5a831d
SHA512: b9d86563394e06c7fc4ecae95d062ebc760220799abd9fe18c49abc9091a3b2a5b9d42b513d5321e40f1bc90c6becb48801dce3d158cd71f7d3d77c03f2f7556
SSDEEP: 393216:V1xuJukOScyW7jwpKmgDOm5GRdh+SDO84xYfzWVXhW:NuJ1OSc1a3APUdh7O85fIxW
Behavioral task: behavioral1
Sample: IridiumGhost.exe
Resource: win10-20230220-en

Behavioral task: behavioral2
Sample: IridiumPatcher.exe
Resource: win10-20230220-en
Malware Config
Targets

Target: IridiumGhost.exe
Size: 9.5MB
MD5: 4d05b8f89db009f8e2002ac5fd19d174
SHA1: cb224c87d570a149612c7fe106ae07580c4cb4ca
SHA256: f0ba1267dc727dd403569559eeb65acf4634fed094a4c6e2ac7c5e3d5c4ea962
SHA512: a08f17d06548de621f3570127bedeafc4ae4a4eede5fd5aa530c822de3a9addddea5ddc068555e7cd82baa38c7d0c2d8a0cea06690c667dc2fa2ab800891aab0
SSDEEP: 196608:3Z9H90i670uKZNGZfpIgQ2Tr4zR0s85toyMW7HnHaIRqUFYn:p9dMQuKZNu82Trc0s85tXd6+qUq
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: IridiumPatcher.exe
Size: 5.7MB
MD5: 3ede242cabdcb2e4c924cbe57bf0c98b
SHA1: 5020f590ab691d6112fb9b59edeac682e2f8ccc3
SHA256: bc59a0885c8bb6c546dc0d24fdb11ed5455fda613211a7eefb78efa4cf7142d0
SHA512: 0aada6083ebd5c61a7b31016eea34aa6fb22e5e009475e6a816364e0519cb3e0b754d265bb3bd36a81d8ee619a31f4fb9ed3337b915213dadad225abf8da21ae
SSDEEP: 98304:kow72zizDt90qtSiolWp/FElnW4NMVfCfkQ9SMaM9295M8SHCr3GZwVQsbjRc6o8:0AinP0eSiolBzlcQHaiISirHBd2DWSHO
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS vendor, version and date strings in the registry frequently reveal a hypervisor or sandbox, so malware reads them to decide whether it is being analysed.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Kangaroo.dll
Size: 6.3MB
MD5: 2c1a6a4481ece15c16e1f98da6288e29
SHA1: d3c1360bd6dc217a70235ed20b93ce600b729169
SHA256: 72941659f5942c154020278e5119727f1943daf60948a2bcb02b7c122b387fde
SHA512: efd2c91ce00284683bc38de6b5d3aab6ffd5fdc0b570a078d24d544a2607f54edc4824a9dcf72172308db4bc1a010226839b19ee2fa7fc0e7a748cbb49cfb358
SSDEEP: 196608:vcGIMFuFXnzNkpzF0jLh+RRw9+tkYjHNhve:vc2F2jN4Wh+RI
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS vendor, version and date strings in the registry frequently reveal a hypervisor or sandbox, so malware reads them to decide whether it is being analysed.
- Suspicious use of NtSetInformationThreadHideFromDebugger
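The three behavioural signatures listed for IridiumGhost.exe, IridiumPatcher.exe and Kangaroo.dll all describe what the sandbox saw the samples do, not how it decided. The following is an added example, not part of the sandbox report or of the analysed samples: a minimal matcher that fires the same three signature names on a constructed API trace. The THREADINFOCLASS value 0x11 (ThreadHideFromDebugger), the VirtualBox ACPI registry keys (HARDWARE\ACPI\DSDT\VBOX__ and siblings) and the BIOS value names under HARDWARE\DESCRIPTION\System come from public Windows documentation and anti-VM research, not from this report; the trace itself, the ApiCall type and the match_signatures function are assumptions made for illustration.

```python
"""Added example: behavioural-signature matcher for the three verdicts in the report.

Not the sandbox's own code. Registry paths and the THREADINFOCLASS constant are
public knowledge; the trace below is constructed, not a real hook log.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable

# THREADINFOCLASS ThreadHideFromDebugger = 0x11. A thread with this flag set no
# longer delivers debug events, which is why a sandbox flags the call as anti-debug.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# ACPI tables that VirtualBox publishes under its own OEM ID "VBOX__".
# Their presence under HKLM\HARDWARE\ACPI is enough to identify the hypervisor.
VBOX_ACPI_KEYS = frozenset(
    k.upper() for k in (r"HARDWARE\ACPI\DSDT\VBOX__",
                        r"HARDWARE\ACPI\FADT\VBOX__",
                        r"HARDWARE\ACPI\RSDT\VBOX__")
)

# BIOS strings that virtual machines and sandboxes often leave with tell-tale values.
BIOS_KEY = r"HARDWARE\DESCRIPTION\SYSTEM"
BIOS_VALUES = frozenset({"SYSTEMBIOSVERSION", "VIDEOBIOSVERSION", "SYSTEMBIOSDATE"})

# Signature names exactly as they appear in the report above.
SIG_HIDE_THREAD = "Suspicious use of NtSetInformationThreadHideFromDebugger"
SIG_VBOX_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"


@dataclass
class ApiCall:
    """One logged API call: the hooked API name plus the arguments the hook recorded (assumed shape)."""
    api: str
    args: Dict[str, object] = field(default_factory=dict)


def _normalise_key(path: str) -> str:
    """Upper-case and strip the hive prefix so HKLM\\, HKEY_LOCAL_MACHINE\\ and mixed case compare equal."""
    path = path.upper().lstrip("\\")
    for hive in ("HKEY_LOCAL_MACHINE\\", "HKLM\\"):
        if path.startswith(hive):
            path = path[len(hive):]
            break
    return path.rstrip("\\")


def match_signatures(trace: Iterable[ApiCall]) -> FrozenSet[str]:
    """Return the set of report signatures that fire on a trace of API calls."""
    hits = set()
    for call in trace:
        if (call.api == "NtSetInformationThread"
                and call.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hits.add(SIG_HIDE_THREAD)
        elif call.api in ("RegOpenKeyExW", "RegOpenKeyExA", "NtOpenKey"):
            # Opening the VBOX__ ACPI key is itself the tell: it only exists under VirtualBox.
            if _normalise_key(str(call.args.get("Key", ""))) in VBOX_ACPI_KEYS:
                hits.add(SIG_VBOX_ACPI)
        elif call.api in ("RegQueryValueExW", "RegQueryValueExA", "NtQueryValueKey"):
            key = _normalise_key(str(call.args.get("Key", "")))
            value = str(call.args.get("Value", "")).upper()
            if key == BIOS_KEY and value in BIOS_VALUES:
                hits.add(SIG_BIOS)
    return frozenset(hits)


# Constructed trace (not a real sandbox log) shaped like what hooks would record for
# IridiumPatcher.exe. The CreateFileW call is benign filler to show it is ignored;
# ThreadHandle -2 is the GetCurrentThread() pseudo-handle.
SAMPLE_TRACE = [
    ApiCall("CreateFileW", {"FileName": r"C:\Users\Admin\Desktop\settings.ini"}),
    ApiCall("NtSetInformationThread", {"ThreadHandle": -2, "ThreadInformationClass": 0x11}),
    ApiCall("RegOpenKeyExW", {"Key": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"}),
    ApiCall("RegQueryValueExW", {"Key": r"HKLM\HARDWARE\DESCRIPTION\System",
                                 "Value": "SystemBiosVersion"}),
]

if __name__ == "__main__":
    for sig in sorted(match_signatures(SAMPLE_TRACE)):
        print(sig)
```

Run stand-alone, the script prints the three signature names for the constructed trace. The matcher looks only at the key and value names, not at the values returned, because the sandbox verdict is about intent (the sample asked) rather than outcome; a real engine would also want the thread handle and the process that issued the call, which this example omits.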