937057dcc1b0772f7169bc46761b73ab2058efd53d9854877370071b9431a447

General

Target

BleachCheat.exe
Size

7.5MB
Sample

240416-bbwekseh9w
MD5

4a8752fcb5b8c322f5387dc92b05cc2f
SHA1

e8c33f6e69aa5bf323801c678bebf4d8af00a474
SHA256

937057dcc1b0772f7169bc46761b73ab2058efd53d9854877370071b9431a447
SHA512

153c2d43b2160d6d601722df3c7ea286eb4f8c836bb77653098f3b5096d92cc7bf8f1637eba25385a5c300e5849d6ca384aba1280acbf490ddd377a595b2572c
SSDEEP

196608:ddgUfWEkm/wQKES+cjTDTqhLkADK4Wi8nqNk:PIQDS+CTSGU4rqNk

Score

10^/10

Malware Config

Targets

- Target
  
  BleachCheat.exe
- Size
  
  7.5MB
- MD5
  
  4a8752fcb5b8c322f5387dc92b05cc2f
- SHA1
  
  e8c33f6e69aa5bf323801c678bebf4d8af00a474
- SHA256
  
  937057dcc1b0772f7169bc46761b73ab2058efd53d9854877370071b9431a447
- SHA512
  
  153c2d43b2160d6d601722df3c7ea286eb4f8c836bb77653098f3b5096d92cc7bf8f1637eba25385a5c300e5849d6ca384aba1280acbf490ddd377a595b2572c
- SSDEEP
  
  196608:ddgUfWEkm/wQKES+cjTDTqhLkADK4Wi8nqNk:PIQDS+CTSGU4rqNk
Score

10^/10

agilenet evasion persistence themida trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- UAC bypass
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1