General
-
Target
innoi-tr.zip
-
Size
3.5MB
-
Sample
230427-glr3ssfh3w
-
MD5
a832e10f78fa004d322eab8dd977445d
-
SHA1
5d80174642433de36db1bbefbb53b9df534dbb2d
-
SHA256
77ddc1e2673514ae550bb93a8b347dbbd551f714f12d6c48eb0fda03110da748
-
SHA512
ce941fe6c68b91befc97f45b9856257110cdb684e8c9fa2b92ba8a0e0ac0f28958499eb18f77cb9e674675df4bffd21508b8b723a799876185df9f3c64e1d9a1
-
SSDEEP
98304:zioADZbtXZHH8ddpbRBWf58CS0EsVZWjrZPK:f+tXaRBWf5HYsnoZPK
Malware Config
Targets
-
-
Target
innoi-tr.exe
-
Size
3.6MB
-
MD5
f0c59bc9136e4547f44de13c22c9bef7
-
SHA1
51f73360a6cc303652e85523a211cbf665e5bb93
-
SHA256
5a9fbbd8e9bca755d3bb50a1e2a25187e449fe0c179cefa14a2766fbc704e670
-
SHA512
cb56dd085dfcae88a0efc1a9d643936fd5675cdaa0b43a7879099f00a77f35bb825cbb4bfe0d5cfeef7eb0ae76c6e291dc8c803f1af03243d8f50fe87b1c4bd4
-
SSDEEP
98304:WL4+FDm+RF15MSu+IJFqJC8lfJuV0cjiu6l/vZQt:8FDm01aj+iFJAcDhcvZQt
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-