General
-
Target
II-tr.zip
-
Size
3.3MB
-
Sample
230428-f3rypaea4y
-
MD5
31bda9e5492d7f9d1f0d1a434b5c97f2
-
SHA1
7f74ffede6ac298a79d71fe7a1ec9453feb0f665
-
SHA256
3990caad86822e7a9c22ffd0afbd63490819072efb96a2e8be793fafec164aa0
-
SHA512
16f32ad906e05ab7d2e23b5bc1420bcc51f863d69c359b77d712d3ed902b8563b35158ccb7db050fc515cf9a57e85a371de658353ce53037a24333e8efb06568
-
SSDEEP
49152:8eYlU+SKzTXt41EIqGRPBFdZWrKgKWWuL7kDXh/FgbJ1UoJjTrXuSFWa4lV5:8eYjSuGxBFbWmWWuXkd/SbJvD/FRG
Malware Config
Targets
-
-
Target
II-tr.exe
-
Size
3.3MB
-
MD5
548bfc6c224d952ee4c0278390965ae9
-
SHA1
bf9d43e9a90dcf49dcb34416f9dd8ea7b85e7c77
-
SHA256
22dcbfdbfb5cbfb6f12dadaeccf570b8c8acc079afa585886af880e975f380ae
-
SHA512
0deea8c5ee13313e3edb4db960fbef6351e0c01391bac44b081da067c23407f567238d46d792b34ee7fd35a92c6712c504426a645dbeb8d60f833f70bf2d01ac
-
SSDEEP
98304:XHpb2umYIoREUsoGytV4n0oj8tb3gCHg1dWm:Xdlm7AEQGyD4E39Avt
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-