General
-
Target
944a9f07e7bb2b0bdb322dacf89b2cfb36277f2a3d2af0fd4d79b7c24daed821
-
Size
12.7MB
-
Sample
230925-njkz2afh32
-
MD5
2f54c844bf90892fde210329fbacad48
-
SHA1
3544376cc1f6785b9b76afe09ce72af3c1913218
-
SHA256
944a9f07e7bb2b0bdb322dacf89b2cfb36277f2a3d2af0fd4d79b7c24daed821
-
SHA512
9e419eb085ef56cbe021dbdb6335df463666b0f30885cf24cc8f7e942b83259383ebe7a26c33aa6f4435739d39cc82faad9745c7a17007c44f721a2307f33ecc
-
SSDEEP
196608:VcmdOPbQYGlZm+Uw1WgnmGH+7r7qQVYmGWqEVgM2mCM08bnlXsNbcAHo4GGU5Q/U:YbQp1hXH+7rOuSM/CMRbne2WO5Q/U
Static task
static1
Behavioral task
behavioral1
Sample
944a9f07e7bb2b0bdb322dacf89b2cfb36277f2a3d2af0fd4d79b7c24daed821.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
944a9f07e7bb2b0bdb322dacf89b2cfb36277f2a3d2af0fd4d79b7c24daed821.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
944a9f07e7bb2b0bdb322dacf89b2cfb36277f2a3d2af0fd4d79b7c24daed821
-
Size
12.7MB
-
MD5
2f54c844bf90892fde210329fbacad48
-
SHA1
3544376cc1f6785b9b76afe09ce72af3c1913218
-
SHA256
944a9f07e7bb2b0bdb322dacf89b2cfb36277f2a3d2af0fd4d79b7c24daed821
-
SHA512
9e419eb085ef56cbe021dbdb6335df463666b0f30885cf24cc8f7e942b83259383ebe7a26c33aa6f4435739d39cc82faad9745c7a17007c44f721a2307f33ecc
-
SSDEEP
196608:VcmdOPbQYGlZm+Uw1WgnmGH+7r7qQVYmGWqEVgM2mCM08bnlXsNbcAHo4GGU5Q/U:YbQp1hXH+7rOuSM/CMRbne2WO5Q/U
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-