General
-
Target
Meteor.exe
-
Size
7.0MB
-
Sample
240415-3dmzrsba92
-
MD5
c8bc5cc6e979bc02d7e86337e8717b71
-
SHA1
e222ecdf20a499458bb3034dfa63afa06170ca1e
-
SHA256
5531e970106e4d2a795f30972e39875b6a70ee607d0c711af489257ac27373c5
-
SHA512
bfe05c313c7a90b86c5a78bb56af423502172dac3f6509a1a7f9cfc3178ff62e66060764ea0759242118d875d49ab14282bb6db7aa0548ad56cf15c6229741a4
-
SSDEEP
196608:Wtssswjou6oimkRnBJ4l90AnIkky4fYL:yUu3imMnwoy4FYL
Static task
static1
Behavioral task
behavioral1
Sample
Meteor.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
Meteor.exe
-
Size
7.0MB
-
MD5
c8bc5cc6e979bc02d7e86337e8717b71
-
SHA1
e222ecdf20a499458bb3034dfa63afa06170ca1e
-
SHA256
5531e970106e4d2a795f30972e39875b6a70ee607d0c711af489257ac27373c5
-
SHA512
bfe05c313c7a90b86c5a78bb56af423502172dac3f6509a1a7f9cfc3178ff62e66060764ea0759242118d875d49ab14282bb6db7aa0548ad56cf15c6229741a4
-
SSDEEP
196608:Wtssswjou6oimkRnBJ4l90AnIkky4fYL:yUu3imMnwoy4FYL
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-