General
Target: iFRPFILE AIO v2.8.6.zip
Size: 39.3MB
Sample: 240529-kq7ktshh53
MD5: f5825ab4eeacd50b9c4b6c64a7710328
SHA1: 4705f0dd80d39fe60b567364c8b61741ff1bb82b
SHA256: 767091a7c1294e9909cf14424ba538fb3a40569d4a1cbb86ffeed199e9745328
SHA512: 7a1625e62f25c9939cded0383ad6377eddd05d891cfd415b352f8889b74065203aff12c6673bbb3cb4980350e2853af3855b0db9387b9626d76fddec5e7bf443
SSDEEP: 786432:ItoP1D75yaVcmporHM6O6+J1qZBJDEKmwODelibc8sycS7CY2aZa2gmGzB+fX:HP15y9mporZF0QNDVH9sbbsyW+ZaHBqX
Static task: static1
Behavioral task: behavioral1
Sample: iFRPFILE AIO v2.8.6.zip
Resource: win10v2004-20240508-en
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger