General
-
Target
SeroXen HWID Reset.exe
-
Size
6.1MB
-
Sample
240519-wfzb9aad8t
-
MD5
bc716fe91b3a9ce3e95ea582cd2b94d9
-
SHA1
a106479dee1f2833ace4aabca48ad339e86992c5
-
SHA256
5b2dd84d1c14455d00ff4307036f27d64bd710bde51f6110fb3be9297a3579bb
-
SHA512
f8ad187942857f93d05b99e8ef75e4666eb9e8782191591009f07aecc931181c05e4a8b5bfc06ad2f2839ec3620f78dd8b8a6e028a48157db769ce5d6cebb761
-
SSDEEP
196608:X01Yeyng53HRVu7vHDpS1IqBRU7kCs2qs:X01Yu53xVu7vHhqBa4CsS
Malware Config
Targets
-
-
Target
SeroXen HWID Reset.exe
-
Size
6.1MB
-
MD5
bc716fe91b3a9ce3e95ea582cd2b94d9
-
SHA1
a106479dee1f2833ace4aabca48ad339e86992c5
-
SHA256
5b2dd84d1c14455d00ff4307036f27d64bd710bde51f6110fb3be9297a3579bb
-
SHA512
f8ad187942857f93d05b99e8ef75e4666eb9e8782191591009f07aecc931181c05e4a8b5bfc06ad2f2839ec3620f78dd8b8a6e028a48157db769ce5d6cebb761
-
SSDEEP
196608:X01Yeyng53HRVu7vHDpS1IqBRU7kCs2qs:X01Yu53xVu7vHhqBa4CsS
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-