General
-
Target
f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317.zip
-
Size
16.8MB
-
Sample
240306-c7rlyaad98
-
MD5
411c42df8bb6b851d363a8669318f5fd
-
SHA1
d8bc9470f380d7cc5863810ed834e0831f296661
-
SHA256
f8b2a71a34172076cc65f15d14ed43099a1ddf0a294ffe34c6004ae430a10317
-
SHA512
bb450df92f7f2e6fa06bd11d72e37561126f7fc63138ebb838f0af5327dd97ed25fac82513ce5bb695d843dda7469afbba26785b4d49745fd5f0f3b15fdbb7c1
-
SSDEEP
393216:L7d1ETEkmpnpdtIJPAIf5MV6oub01DKYPB+yBjw1KTqdn:1STWJpdtC4Ifa9oo+oBjwR
Behavioral task
behavioral1
Sample
Installer.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Target
Installer.exe
-
Size
327.7MB
-
MD5
7e25fdb1932480e3e6ec31b22d08c19e
-
SHA1
0dfca2e6c1c89b1e85fdbb9da31a93964db7b826
-
SHA256
fbef401c6a7ad24640f6b6583aa0d0fa02aa895c47ab08e68b0e6e312d1b42a5
-
SHA512
2bb81a8ddda7ef4bbc9508c7c80f56b5a00215674ad38e442937c42a2ecdf4e827b906b97bf63c67c36dd0a7ef78d2c6b5b6202d96516ece8b5d2dbd355f8326
-
SSDEEP
196608:99GeDVI5DKBWZlkgJedYs6LtYdEhqTgKDf:9kYVI5DK2NNs6LtYdEhSpz
-
Detects executables packed with Agile.NET / CliSecure
-
Detects executables packed with Themida
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-