General
- Target: Stand.Launchpad.exe
- Size: 7.2MB
- Sample: 230726-wg9vdafb78
- MD5: b805e3d2e329b4314f32d843130cf8d5
- SHA1: 6c5493accafa1a32944f2d3432a651eaf9f69acd
- SHA256: c79a544103c68b5bdfc5f9983d7833caf169054736e8c899b9aff0b7ca602346
- SHA512: 87ff585482d5162ce4f3e1d703b5676719d9c38359d36bb5f0ac520cf901e60143d8b2451fde0c750e3f5c2154cb130c06f38483598cad42fb2404b1a55b0136
- SSDEEP: 196608:Ac8gmG+rmoSOG8O9LxJ0L54AP+uciMVO8/c:w6oJG8MLsCE8zO8k
Static task: static1

Malware Config

Targets
- Target: Stand.Launchpad.exe
- Size: 7.2MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger