General
Target: AppGate8.7z
Size: 5.2MB
Sample: 240522-masg3sbf5v
MD5: a7cb69e2eccedfc761fea497fee23817
SHA1: 596f39448ba0e41da3dbbf4ea0cd9235d36f679f
SHA256: 80239e405eb3e2682ec403d2950cce4967dfe3fc8d99e5cbb54319ad4b7e4796
SHA512: 2c7d6cb015dc7c565b501e8860140f68039362fb008e1e83cadc4625b95d0beee204a931f118cbb262eee6a937ada00dc47d2b6f56203dd65a07c0989584dd60
SSDEEP: 98304:ksPDPZWiyj991AU+LOKvI5kGpRfEysw/D8mwl3mZKFU+IX1Aezl1g:ks0iyZPISjWCl/D5uCXPlG
Behavioral task
behavioral1
Sample: setup.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: setup.exe
Size: 714.0MB
MD5: 383b1ce635fbd7f36f07170e0e797230
SHA1: 71e9b983731a7d7b2aba27630c697abddbd178f8
SHA256: 4dbeeb2abcdd9bec7eeb7e8e3ad7b3592de6c5c176028156659c423ad9c29d39
SHA512: 822a66e4fd65addcecce5b2c90cf682fc77cd19240c4f37b0235ec3d827699862c23a6ccfe547e6a48ffb87cfefe9cfdba360981dab8b396ddce679e83555657
SSDEEP: 98304:iG6NKVNNu5qMju5yAID3tReesIeYVQj/Ay6giF6blZHlxrwepH:ilFqMiQ3dZyoy6MdH
- Modifies firewall policy service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger