General
-
Target
2133ef7afec1e4305982f358aae930ea.bin
-
Size
9.0MB
-
Sample
230507-ae3sdsba52
-
MD5
2133ef7afec1e4305982f358aae930ea
-
SHA1
91e079cf85784db58cb9f540b05718ba08dd9745
-
SHA256
6b16ad761c2320e8fc0d1b12263b3b2b54436a95eec14e8671047f7cb4188926
-
SHA512
32a7975d6498308d4b998604ba4c659d5b406a3ccbce0500ebaf41a749d647e58676c0b9314f2379b5615a3f9ea65dd0ed3b5eae38f4ec35bbe8556eebdaa92e
-
SSDEEP
196608:teEgBaHepmiOPwky+owy/rg53HRVu7vHDpS1IqBRU7kCs2q:tUBMDoky+oxc53xVu7vHhqBa4Cs
Behavioral task
behavioral1
Sample
2133ef7afec1e4305982f358aae930ea.exe
Resource
win7-20230220-en
Malware Config
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-