General
Target: NovaWare_Perm_spoof.ZIP
Size: 19.7MB
Sample: 240616-qef7dsvalh
MD5: 00a6da4281a202370a52fef4cf4d7421
SHA1: a75b12ceef4459056dd19cbfd1c206e433473e38
SHA256: ef6d1d2eee80126ce4732424d575f955ec8c3906aeb0fbe8e75e457aa6bfb23e
SHA512: 9c17791b5037794f457923f14f878e5bcdd10fc72be0790daf1c2ebafd4f4ad6c9615cef6f3812a75e553c7c0fccac5f5c994d2e5385bb39ff2c0aa8d3ad1512
SSDEEP: 393216:f3D+6eYyhkxUbgvy8Euf7APnntluciSHHWB1fDaeWeYH/r2ks1lcaik4I:fT6KR68fent8hhB1fDa7z2nzAI
Behavioral tasks
behavioral1: perm/Serial Checker/Checker.bat (resource: win7-20240611-en)
behavioral2: perm/Serial Checker/Checker.bat (resource: win10v2004-20240508-en)
behavioral3: perm/perm/Guna.UI2.dll (resource: win7-20240220-en)
behavioral4: perm/perm/Guna.UI2.dll (resource: win10v2004-20240508-en)
behavioral5: perm/perm/ilikeniggers.exe (resource: win7-20240611-en)
Malware Config
Targets

Target: perm/Serial Checker/Checker.bat
Size: 454B
MD5: aa8220e80fb4dfd7ea8f391672218a93
SHA1: 6822bec95792d69c0cc94b5b62eb7cb9e30ae67c
SHA256: b9ec143a28f17dbcc9a1ac14c029850fdccefa74cdf2e687186bae9c84bb1c44
SHA512: b96d0170ee25cd8cf060a7c830a4a8a230af0b69bf7110713bd9160e2cb24c31cb44c0df8f0cc779bedcc5dfb57af857b9ae0e22cc9698b46d8ca930a81fcb95
Score: 1/10

Target: perm/perm/Guna.UI2.dll
Size: 2.1MB
MD5: c97f23b52087cfa97985f784ea83498f
SHA1: d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
SHA256: e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
SHA512: ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
SSDEEP: 49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score: 1/10

Target: perm/perm/ilikeniggers.exe
Size: 19.3MB
MD5: f20d080bc5344dbbf37afa5779fa0604
SHA1: 7f774ed6c8a10d38345739318d404439587071a4
SHA256: 9e2d897d5809436fb686999370dcdac42656da3bf9e82e1ef7120ed62b3303b0
SHA512: 8e15ab809ac8495711adb85c37d7819ae1b463a8b53fd2790bfc7a2fff133a39c48fa6f8ed6c3587b0b55d8bbea30071735e0f66bd25b62202762dcd2d9e2acd
SSDEEP: 393216:y0OYis2CulNrako7o9d3jQzW+1tq2G6gwFHF+FN/NCNeA9emVea:+dFmkoU9dTQzWatq2G6JluN/NCNx9eY

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger