General
Target: GADAR.exe
Size: 36.8MB
Sample: 240512-jczgmaaa65
MD5: dca5b159ce067d6d7ce142da63d1c444
SHA1: d6b7cac762523422d5873f8c976ccbc6b587be4d
SHA256: c79914a98dedb0ec412c085aa8a1038273890e38637ff4c03dfa94a0a60f785e
SHA512: 1e008b28b6613bae6971ccc0c492977b7014525e81ef89fc250fc3400a9bdcfe522b91548b7a9e93919b4e51e24d553f61dcb5b8b576f221abb4dc52bae78f7c
SSDEEP: 786432:v3unL7I3kOcdXub9F7DYtJVRqygELqzIYy9y+aJtShY9Q6SZKMg:/unL7ck5OKtRfLqcBUSG8Z0
Behavioral tasks
behavioral1: GADAR.exe on win10-20240404-en
behavioral2: GADAR.exe on win7-20240221-en
behavioral3: GADAR.exe on win10v2004-20240508-en
Malware Config
Targets
GADAR.exe (36.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox-specific ACPI table entries in the registry are a cheap indicator that the sample is running inside a VM.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
  The sample loads a DLL that it wrote to disk during execution.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger class stops the thread from reporting debug events to an attached debugger, a common anti-debugging technique.
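The three registry signatures and the hide-from-debugger call above are, taken together, the sample's analysis-environment checks. As an added example (not code from GADAR.exe, the sandbox, or this report), the script below replays them: it evaluates the registry heuristics against a constructed snapshot of a stock VirtualBox guest and against a spoofed one, reads the live registry instead when run on Windows, and on Windows issues the real NtSetInformationThread(ThreadHideFromDebugger) call and verifies its effect with NtQueryInformationThread. The registry paths, the hypervisor marker strings and the geofence list (GeoID 203) are assumptions: the report names the checks but not the exact values the sample compares against.

```python
# Replay of the evasion checks flagged in the report. Added example; not code from
# the sample or the sandbox. Paths, markers and GeoIDs below are assumptions.
import ctypes
import sys
from typing import Dict, List, Optional, Tuple

# Registry locations the three registry signatures typically key on (assumed).
ACPI_TABLES = [r"HKLM\HARDWARE\ACPI\DSDT", r"HKLM\HARDWARE\ACPI\FADT", r"HKLM\HARDWARE\ACPI\RSDT"]
BIOS_VALUES = [
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
]
GEO_NATION = r"HKCU\Control Panel\International\Geo\Nation"  # Windows GeoID, stored as a string
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN", "HYPER-V")
SKIP_GEOIDS = {"203"}  # hypothetical geofence list; 203 is the GeoID for Russia
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value behind the anti-debug signature


def evaluate_registry_checks(reg: Dict[str, str]) -> List[str]:
    """Return the registry checks that fire for a snapshot (path -> string value).
    For the ACPI tables the value is the OEM-ID subkey under the table; a stock
    VirtualBox guest has one named VBOX__."""
    hits: List[str] = []
    for table in ACPI_TABLES:  # 1. VirtualBox ACPI tables
        if reg.get(table, "").upper().startswith("VBOX"):
            hits.append("virtualbox-acpi:" + table)
    for path in BIOS_VALUES:  # 2. hypervisor names in BIOS strings
        if any(m in reg.get(path, "").upper() for m in VM_MARKERS):
            hits.append("vm-bios:" + path)
    if reg.get(GEO_NATION) in SKIP_GEOIDS:  # 3. geofence on the configured country
        hits.append("geofence:" + reg[GEO_NATION])
    return hits


def live_registry_snapshot() -> Dict[str, str]:
    """Windows only: read the same locations from the live registry."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap: Dict[str, str] = {}
    for table in ACPI_TABLES:
        hive, sub = table.split("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], sub) as key:
                snap[table] = winreg.EnumKey(key, 0)  # first OEM-ID subkey
        except OSError:
            pass
    for path in BIOS_VALUES + [GEO_NATION]:
        hive, sub = path.split("\\", 1)
        parent, _, name = sub.rpartition("\\")
        try:
            with winreg.OpenKey(hives[hive], parent) as key:
                value, _ = winreg.QueryValueEx(key, name)  # REG_MULTI_SZ arrives as a list
                snap[path] = " ".join(value) if isinstance(value, list) else str(value)
        except OSError:
            pass
    return snap


def hide_from_debugger_demo() -> Optional[Tuple[bool, int, bool]]:
    """Windows only: returns (hidden before, NTSTATUS of the set call, hidden after).
    The set call takes no buffer (NULL, length 0) or ntdll answers
    STATUS_INFO_LENGTH_MISMATCH; the flag cannot be cleared afterwards, so a
    debugger has to intercept the call itself rather than undo it."""
    if sys.platform != "win32":
        return None
    ntdll, k32 = ctypes.WinDLL("ntdll"), ctypes.WinDLL("kernel32")
    k32.GetCurrentThread.restype = ctypes.c_void_p
    ntdll.NtSetInformationThread.argtypes = [ctypes.c_void_p, ctypes.c_uint, ctypes.c_void_p, ctypes.c_ulong]
    ntdll.NtSetInformationThread.restype = ctypes.c_ulong
    ntdll.NtQueryInformationThread.argtypes = [ctypes.c_void_p, ctypes.c_uint, ctypes.c_void_p, ctypes.c_ulong, ctypes.c_void_p]
    ntdll.NtQueryInformationThread.restype = ctypes.c_ulong
    thread = k32.GetCurrentThread()

    def hidden() -> bool:
        flag = ctypes.c_ubyte(0)  # BOOLEAN out-parameter, length 1
        ntdll.NtQueryInformationThread(thread, THREAD_HIDE_FROM_DEBUGGER, ctypes.byref(flag), 1, None)
        return bool(flag.value)

    before = hidden()
    status = ntdll.NtSetInformationThread(thread, THREAD_HIDE_FROM_DEBUGGER, None, 0)
    return before, status, hidden()


def snapshot(dsdt: str, bios: str, maker: str, product: str, geo: str = "244") -> Dict[str, str]:
    """Build a constructed snapshot (values are made up for the example)."""
    return {ACPI_TABLES[0]: dsdt, BIOS_VALUES[0]: bios, BIOS_VALUES[2]: maker,
            BIOS_VALUES[3]: product, GEO_NATION: geo}


STOCK_VIRTUALBOX = snapshot("VBOX__", "VBOX   - 1", "innotek GmbH", "VirtualBox")
HARDENED_VM = snapshot("DELL__", "DELL   - 1072009", "Dell Inc.", "OptiPlex 7010")  # spoofed to look like a desktop

if __name__ == "__main__":
    snap = live_registry_snapshot() if sys.platform == "win32" else STOCK_VIRTUALBOX
    print("registry checks that fire:", evaluate_registry_checks(snap) or "none")
    print("hide-from-debugger demo:", hide_from_debugger_demo())
```

Run it inside the analysis VM to see which of the three registry checks a stock VirtualBox guest trips and to confirm that ACPI and BIOS spoofing actually clears them; the constructed HARDENED_VM snapshot shows the target state. The hide-from-debugger part is there to make the caveat concrete: the set call succeeds with no buffer, the query flips to true, and nothing flips it back, so an analyst must hook or patch the call before the sample reaches it.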