Overview

overview

10

Static

static

7

OverWolf Crypter.zip

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OverWolf Crypter.zip

  • Size

    36.5MB

  • Sample

    240509-2ts1aabd51

  • MD5

    a116a6efbffd9b698bdf8774332ac8f1

  • SHA1

    33d11b996329060d35d758e10389beb69567685e

  • SHA256

    0e98adba7adbbcb6071be545eeb269fec2bff9300cd8bd48c91f076ae5103dae

  • SHA512

    001ecae34b7d337479d0ec780abd3f3dcd6171ea2df23d195d40969cb0f740af0a6022c43e015360e38a2e8e51264b19548d22376c1e5a5cb273604611b5fbb9

  • SSDEEP

    786432:AqQEiVcxNIl1uw0tHyQ+X+eFPL3M0Tr1SEyFyLx7I:A3EbHmQ+O67MMrAE6yLx7I

Score
10/10
zgratagilenetevasionratthemida

Malware Config

Targets

    • Target

      OverWolf Crypter.zip

    • Size

      36.5MB

    • MD5

      a116a6efbffd9b698bdf8774332ac8f1

    • SHA1

      33d11b996329060d35d758e10389beb69567685e

    • SHA256

      0e98adba7adbbcb6071be545eeb269fec2bff9300cd8bd48c91f076ae5103dae

    • SHA512

      001ecae34b7d337479d0ec780abd3f3dcd6171ea2df23d195d40969cb0f740af0a6022c43e015360e38a2e8e51264b19548d22376c1e5a5cb273604611b5fbb9

    • SSDEEP

      786432:AqQEiVcxNIl1uw0tHyQ+X+eFPL3M0Tr1SEyFyLx7I:A3EbHmQ+O67MMrAE6yLx7I

    Score
    10/10
    zgratagilenetevasionratthemida

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks