General
-
Target
Infinit Script.exe
-
Size
10.4MB
-
Sample
241123-tqlsssxnax
-
MD5
abf8a77c489ba97e7d26fbc782168ace
-
SHA1
072e2b34895b65d8a84f670d1a8b75535934e326
-
SHA256
c0016afbcaaeae90bd6c926c2c74e2360380fa04ea99c3b095ad460813bb5ff7
-
SHA512
351b45d4b5a62b86f74c7ee6af8673cdc2771a497d8bf76c0de3a090f09a35e05fd81a666b9795ff5f76ae212a46ae2f870c14b9384c1e6c0a1e32d9f4f15812
-
SSDEEP
196608:5Ot+WBFec8gerzSRtUb26Xcsg6HF/Yg12N3mi0A/e1ZheiJ:5BKeHynNszl/Yg12NWi0AmVn
Malware Config
Targets
-
-
Target
Infinit Script.exe
-
Size
10.4MB
-
MD5
abf8a77c489ba97e7d26fbc782168ace
-
SHA1
072e2b34895b65d8a84f670d1a8b75535934e326
-
SHA256
c0016afbcaaeae90bd6c926c2c74e2360380fa04ea99c3b095ad460813bb5ff7
-
SHA512
351b45d4b5a62b86f74c7ee6af8673cdc2771a497d8bf76c0de3a090f09a35e05fd81a666b9795ff5f76ae212a46ae2f870c14b9384c1e6c0a1e32d9f4f15812
-
SSDEEP
196608:5Ot+WBFec8gerzSRtUb26Xcsg6HF/Yg12N3mi0A/e1ZheiJ:5BKeHynNszl/Yg12NWi0AmVn
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-