General
-
Target
svchost.exe
-
Size
7.3MB
-
Sample
230620-dh2ahsag21
-
MD5
bb0eb1cba0ab4efdcc626f11b8eb571c
-
SHA1
e5b6ec087b44fbe9f0dd0da2a501e39f8c0bbbc5
-
SHA256
48fd42ea0f584096a6b7b290705ebb358f6687801bbaa34a918bb630a0602e87
-
SHA512
576f546d201f895f55b963e00dbb54c9518c47c28e1bce245b6436d08b9ccaa9cc31680155e27ece9fcdcd5923695c0c2c31e2b133d38e67298bbdbd5cb810a2
-
SSDEEP
196608:BpcUG4raKu24YY7HVT4hV0AD6QgqKRgX:BnmKr4YYH+EUWpgX
Malware Config
Targets
-
-
Target
svchost.exe
-
Size
7.3MB
-
MD5
bb0eb1cba0ab4efdcc626f11b8eb571c
-
SHA1
e5b6ec087b44fbe9f0dd0da2a501e39f8c0bbbc5
-
SHA256
48fd42ea0f584096a6b7b290705ebb358f6687801bbaa34a918bb630a0602e87
-
SHA512
576f546d201f895f55b963e00dbb54c9518c47c28e1bce245b6436d08b9ccaa9cc31680155e27ece9fcdcd5923695c0c2c31e2b133d38e67298bbdbd5cb810a2
-
SSDEEP
196608:BpcUG4raKu24YY7HVT4hV0AD6QgqKRgX:BnmKr4YYH+EUWpgX
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-