General
Target: SeroXen Toolkit.exe
Size: 38.1MB
Sample: 240511-3esawagg37
MD5: 87416030ed7ca192ef2ca41463d51bef
SHA1: 44570a40759d3a36d1bedbe37e56468925aec4c8
SHA256: 7203f9e5a4fdf5d3e6cfd1dc9d2a67a8ebaf7770cc5a0d72f32c5962215a4846
SHA512: 11c9187053cf80dd4af41d666d14a2f6107b0a84b861c10faa0b07778b16c46e3141c510d564bf3b98fbb27aba484b3d2b1bf8cd44383238af47513508a199bd
SSDEEP: 786432:6Mq8TErqJVoC5kkTZaQ0aL+kdc95fTvr2FkCVEzHTorPehHesv0Ad/+7pHCpqBa5:6MqwJdN4Q049Of7DErPD6ZmpCpqcP
Malware Config
Targets
Target: SeroXen Toolkit.exe (38.1MB; hashes as listed under General)
- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger