General
- Target: notepad (2).exe
- Size: 7.7MB
- Sample: 240827-rd9mzsthqc
- MD5: 9d7fef66dc4986975e8fafbd9662f3ba
- SHA1: 2f3f244cc09c7470ba143dff36252089d4894e49
- SHA256: 3b580645f8fc0d21da5ef9c755f4d4b794434305dc0e507e13c67ef6bc03f4b8
- SHA512: ef983275a0ed6c389e1568e8f7b6c3d22bf9214fe1939f979715d392f115d3ab7ed27168035747c8130242c87a12666dc4d301ab490901b3bda127d82af76580
- SSDEEP: 196608:QysjwLcUG4raKu24YY7HVT4hV0AD6QgqKRgX:fRmKr4YYH+EUWpgX
Behavioral task
- behavioral1
- Sample: notepad (2).exe
- Resource: win7-20240705-en
Malware Config
Targets
- Target: notepad (2).exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger