General
-
Target
Inno.rar
-
Size
8.2MB
-
Sample
230429-lxtszsce6w
-
MD5
edf241c0a800245b81d4ffa3abb2f183
-
SHA1
00ba375af6ffd65656fe90839722796a6d2abbef
-
SHA256
32197c7b906d34315665e750ce5207ff254a553debcdfb3732e77dbfdc931f17
-
SHA512
f24f110867b60e5a85b8b2b2128817895be3f70fa415ea3585a317fa2497ac31ad3e674a0bf8c6190650bac5f97fa0260451dd229e4145e076e471403fdb4cd2
-
SSDEEP
196608:3DX0P+XBbbuqWSp8rBsitKOu4s1gZThPpXo6Aa8S3O:344Wx7ruigOut1ehpoki
Malware Config
Targets
-
-
Target
Inno/InnoInstaller.exe
-
Size
1019.0MB
-
MD5
801879d5b7a0c86a30552dafbbf1460d
-
SHA1
d1aca891358f0fd24e12a759e4cafbcd7be909b7
-
SHA256
9c98187745a94a9687536aac12711617c55a411c9ba231791924236f3627cde5
-
SHA512
fc8b64f350c1bf6a9a516f9a80906c4ecbf5b75f9982a596cf946aa88c7b338e62824811484afeeaa539567e0b19d0e319a764eaf21764b332408760a14b420d
-
SSDEEP
98304:XHpb2umYIoREUsoGytV4n0oj8tb3gCHg1dWmX:Xdlm7AEQGyD4E39AvtX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-