General

Target: WebframeworkTools_V5.3_enhance_beta.zip
Size: 30.1MB
Sample: 240610-dfwl9abg66
MD5: a989d8efaee845b149f12a7a62c64363
SHA1: 48d68aac33f1caf83c17227acb825a67f6eb8961
SHA256: 6731e52ad3af0f4796f6b7d3c95f8182dc3d00c8c602e4787f0cb022838edca6
SHA512: 97e8533b404531c4943b22b63de8bc4c9d966f23e88a0e39ac9a1c80e08c110b9994990c6ff7e31f43a059e3f0a0a4a98b837ee3974609a0ee8e736c5db2c9f6
SSDEEP: 786432:2XSgtHz7WKsf1iDvvPqidiSADbC0qTLxDI:2XP9z7lsf2vvPqXq9I
Behavioral task behavioral1
Sample: WebFrameworkTools.exe
Resource: win10v2004-20240508-en

Behavioral task behavioral2
Sample: cmd.bat
Resource: win10v2004-20240426-en
Malware Config

Targets
Target: WebFrameworkTools.exe
Size: 18.7MB
MD5: c7a98b519b6b7985a9793a94601557b4
SHA1: 5cdf4fc4a5fab8e30b947c827a23aef1b13df4d0
SHA256: 32c488b7a9e15597a024201c7e55396ee25401a4ba1ab95cd73be1c2434f0ff9
SHA512: 8445b93a6648ec60b135ec565af1c2617d6e7e5016a1d5ac79c785feac893ef31d7df72acc24e521c6d446688649e59628c2ac4c2070bcf803856a532fab324d
SSDEEP: 393216:VwS6pO9ks2OFmb4akektTcBKNChnRld7lnlRRo9DuUB/F:K5s2wmXGcQNEnbnHROB/F

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: cmd.bat
Size: 5B
MD5: ea2b2676c28c0db26d39331a336c6b92
SHA1: 2b020927d3c6eb407223a1baa3d6ce3597a3f88d
SHA256: cced28c6dc3f99c2396a5eaad732bf6b28142335892b1cd0e6af6cdb53f5ccfa
SHA512: cd3ca530caee1aabac0ebbd2ea45c568bdd1442da5724d22ad5c51461fccb3f304806658486c0790053683cf875a5ebb62514404008aeccce9bcc3f7bf5adee8
Score: 1/10

Target: dllpluginExpGenerateok/UserDllpluginExpGenerate.exe
Size: 10.5MB
MD5: afee1f157679a75fe04557add6d15240
SHA1: 8d45732ded5ad606bc4d9b2666367fa1bce6500e
SHA256: 379bfc92c0e21f386c605905b1b5ac0f147b4d4e3a1b4c97ddab9fb5601981ce
SHA512: f133dee62a8e89d3989f67281bd5cb2dfe724c038dfc453c1b2c292137af7554de4c1b7ddbfe7763f60713ab1c259047e87edd07ab8adf8d4ca4f16e346a0266
SSDEEP: 196608:Y39iTu3MHnkk1uuQ8q+r8wpXdST3ucAcMhREvMMKkt3pcsMe:6sr/cuQ8qw8mXd83M5huMMpt3Ue

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger