General
- Target: downloader.exe
- Size: 70.1MB
- Sample: 240827-q1g1tatcjg
- MD5: 1e7167175840eea72194bf4b686128af
- SHA1: e19590ed9201cf5c80fad6dba45550115b577350
- SHA256: a6a87d0bb1f5d284a1135037ca0ec0ab2a2d1fd6f5b80d2738514877a8254ab2
- SHA512: d59809f1eb99a2c381985e21c81b3401abb716f7cf1caabede413194b50d41cd679c8a23b3bba27dd3306fde724345bb314a87dd5a6584a70940ab0bf3e08811
- SSDEEP: 393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qEsGg4GUo3Nt:lWoI7zGi5ahWc3Im7

Static task
- static1

Behavioral task
- behavioral1
- Sample: downloader.exe
- Resource: win7-20240705-en

Malware Config

Targets
- Target: downloader.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger