General
Target: Fuckup.zip
Size: 14.2MB
Sample: 241222-v1rmgavmal
MD5: 41fe9e1938dce901a810eb7da99d6140
SHA1: 7f2e6aa9e7dd8bce6309411fb0d584115fa9033a
SHA256: 578abc64059b33d56e548c336c95497ddfe4cc63425d2c9efe2d70e2cc02fda2
SHA512: c6cee7025d510e731d5e941b385c2aa70a380074a067863505cff6af0eaa41c69e3da85a98a3b32981b54e95e6fc39b83ed65bfc88e621581750f260a77a05d6
SSDEEP: 393216:GH9mTr4QmKuMvWEa/9YpfNdoTX7LQ4zYeUrW/UEdsR2juChS:tTrfteEaFYpfNdS7LpPAWtA
Malware Config

Targets
Target: Fuckup.zip
Size: 14.2MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger