General

Target: 1.zip
Size: 229.9MB
Sample: 230609-wgygcadg3s
MD5: a3df0a5ba1b8f88a114df0b6c2b377f1
SHA1: 93523ac0cc47cd393c4453ad9bed5f680d8ff133
SHA256: ca27805b6b4caceaa472c8c3d9098257a72ca7b21444435f8640e800f8731f09
SHA512: d17902c3b06d6976640e3bfcd21c633860e5912d579fb3fe9c317d1c2c8dce07753b6f8787e2c033b8662735b60f1ade8bbd4c0cd6096ca6461ca9a90be22de6
SSDEEP: 6291456:mnemYRhOm5ZjyPpu2D9jXD4P9cSH+ZOW81kSPV:mez0kRIDxkP9vHkOW8aSPV
Behavioral task

behavioral1
Sample: 1.zip
Resource: win7-20230220-en

Malware Config

(no configuration extracted for this task)
Targets

Target: 1.zip
Size: 229.9MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values in the General section above (same file).
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
  Persistence: the application is relaunched at logon.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Anti-debug: a thread flagged with ThreadHideFromDebugger stops delivering debug events to an attached debugger.

Note that the registry-based signatures record that the sample read the relevant keys; whether it changed behaviour on the result is not visible from this list.
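To show how the signatures above are derived from raw behaviour, here is a small classifier that replays a process trace against rules named after the report's signatures. This is an added example, not the sandbox's own rule set and not from the report: the trace is constructed to resemble a Procmon-style export in the form "pid,op,arg1,arg2", and the registry paths and the ThreadHideFromDebugger information class (17) are the well-known artefacts each check touches; the exact matching logic the sandbox uses is an assumption.

```python
"""Replay the report's anti-analysis and persistence signatures over an event trace.

Added example (not the sandbox's rules, not from the report). Trace format is
"pid,op,arg1,arg2": for registry operations arg1 is the key path and arg2 the
value name; for NtSetInformationThread arg1 is the thread handle and arg2 the
information class. The matching rules below are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    pid: int
    op: str
    arg1: str  # registry key path, or first API argument
    arg2: str  # registry value name, or second API argument


@dataclass(frozen=True)
class Signature:
    name: str
    ops: frozenset                # operations this signature applies to
    arg1: Optional[re.Pattern]    # pattern on arg1, or None for "any"
    arg2: Optional[re.Pattern]    # pattern on arg2, or None for "any"

    def matches(self, ev: Event) -> bool:
        if ev.op not in self.ops:
            return False
        if self.arg1 is not None and not self.arg1.search(ev.arg1):
            return False
        if self.arg2 is not None and not self.arg2.search(ev.arg2):
            return False
        return True


def _rx(pattern: str) -> re.Pattern:
    return re.compile(pattern, re.IGNORECASE)


READS = frozenset({"RegOpenKey", "RegQueryValue"})

# Names are the report's signature names; triggers are assumed from the keys
# and API arguments those checks are known to touch.
SIGNATURES: List[Signature] = [
    Signature("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
              READS, _rx(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"), None),
    Signature("Checks BIOS information in registry",
              READS, _rx(r"^HKLM\\HARDWARE\\DESCRIPTION\\System$"),
              _rx(r"^(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$")),
    Signature("Checks computer location settings",
              READS, _rx(r"^HKCU\\Control Panel\\International\\Geo$"), _rx(r"^Nation$")),
    Signature("Adds Run key to start application",
              frozenset({"RegSetValue"}),
              _rx(r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$"), None),
    # ThreadHideFromDebugger is THREADINFOCLASS 17 (0x11).
    Signature("Suspicious use of NtSetInformationThreadHideFromDebugger",
              frozenset({"NtSetInformationThread"}), None, _rx(r"^(17|0x11)$")),
]

# Constructed trace: pid 1234 behaves like the sample, pid 5678 is benign noise.
TRACE = r"""
1234,RegOpenKey,HKLM\HARDWARE\ACPI\DSDT\VBOX__,
1234,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System,SystemBiosVersion
1234,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System,VideoBiosVersion
1234,RegQueryValue,HKCU\Control Panel\International\Geo,Nation
1234,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Updater
1234,NtSetInformationThread,0x1f4,17
5678,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName
5678,NtSetInformationThread,0x2a0,9
"""


def parse_trace(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, op, arg1, arg2 = line.split(",", 3)
        events.append(Event(int(pid), op, arg1, arg2))
    return events


def classify(events: List[Event]) -> Dict[int, Dict[str, List[Event]]]:
    """Per pid, map each fired signature name to the events that fired it."""
    hits: Dict[int, Dict[str, List[Event]]] = {}
    for ev in events:
        for sig in SIGNATURES:
            if sig.matches(ev):
                hits.setdefault(ev.pid, {}).setdefault(sig.name, []).append(ev)
    return hits


def triggered(text: str) -> Dict[int, List[str]]:
    """Signature names fired per pid, in the order the report lists them."""
    hits = classify(parse_trace(text))
    return {pid: [s.name for s in SIGNATURES if s.name in fired]
            for pid, fired in hits.items()}


if __name__ == "__main__":
    for pid, names in triggered(TRACE).items():
        print(f"pid {pid}:")
        for n in names:
            print(f"  {n}")
```

The Run-key rule only fires on a write (RegSetValue); merely enumerating the Run key is something many benign programs do, so keying the persistence signature on reads would be a false-positive source. Likewise the anti-debug rule is tied to the information class, not to the API name alone, because NtSetInformationThread has many legitimate uses.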