General
Target: GADAR.exe
Size: 47.9MB
Sample: 240512-h8eawsed6v
MD5: 2814e71ab1cdf00994521f2c95032c73
SHA1: 3537800a401c0a8289209583639e542e180d603e
SHA256: af09f2db4951c00ccfb6780eea82915afd41d72698e9abadbb66fe9b7a27a7ca
SHA512: d07d453ec7d82f0f8e307cef180200d9e8bacad872d95dce06810962ef2b59e02057471899865a3a3eefc2e6d4ebce5ed2938636bb132e7c7401fa6f2fd65bf9
SSDEEP: 786432:mjy7AtGx1lJZ4FT7tS4H1YfBIMcTJS6s0UYZua3vsEOBkTCYKiDYYGRRqy:ZAMx1lJ0tDHafBjcd2MsF8sYGr
Behavioral task behavioral1
Sample: GADAR.exe
Resource: win7-20240419-en

Behavioral task behavioral2
Sample: GADAR.exe
Resource: win10-20240404-en

Behavioral task behavioral3
Sample: GADAR.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: GADAR.exe
Size: 47.9MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger