General

  • Target

    Araneida.exe

  • Size

    22.8MB

  • Sample

    240403-2msqyafe33

  • MD5

    9786d9a60eee23198843b481f086b321

  • SHA1

    0b2986cbd862a0e19161ed78a9f8a541fb1fcec1

  • SHA256

    fd41dc07b772e71d75bb65868152d0dc9f652578d535bf17ee27b02c6079ef1d

  • SHA512

    153ffc8f3739b81781206fa4674c4acb9bb379feb32eb0cce807f7e58224c5debd01defafca41f6dbffdb7ad9d860b241f912c36b9ad580ea241ccc53573db10

  • SSDEEP

    393216:pX7VGSptnIVZd7p9mdLt/WVi0teZKwnOEGL26VjSQS6yhB4V:RtDGL7p8dai06KRq6RSH6yIV

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
