General
Target: notepad (3).exe
Size: 7.7MB
Sample: 240827-q4n9asvgml
MD5: e52f0ace43475675ba896dcbddfbb22e
SHA1: b970e159b2725009c5264ae47b342b4cba3aba90
SHA256: 7b76e74675faade8a29af7beda7faed381bb4fbbe72304e4c6e0de8b3a903ec6
SHA512: 974b98519d1c6a047453960eeaac49c647040f45e6a872396b20e37d4731f9b97341bca6123b71cf82bc3caa10b751c3bded8d3c3ff483cdcfa6c2de5a869a67
SSDEEP: 196608:XK30CUWcUG4raKu24YY7HVT4hV0AD6QgqKRgX:a30WmKr4YYH+EUWpgX
Behavioral task
Task: behavioral1
Sample: notepad (3).exe
Resource: win7-20240704-en
Malware Config
Targets: notepad (3).exe (same size and hashes as listed under General above)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger