General

  • Target

    OnlyAssKicker.rar

  • Size

    17.2MB

  • Sample

    241223-r2t77sslhy

  • MD5

    09380bb26e522a8b38821331bfecab75

  • SHA1

    4cbd5aa5d25cf358ea2b232e2c6cd0cdcc74ff98

  • SHA256

    3de8de7e4e656bf3cd1c23e00477a9d30c2f44a152c028fc290b7d19646cb29f

  • SHA512

    598bca48db07364b0756a0a3cd1c8dcb67dbfe1739c73accebdeca28fa3709c615f4e83f051a663983adbdf7b2f1a05686b9d50ae26385afaec2f2cd47fea0a1

  • SSDEEP

    393216:5U//YX2o6gsnSKUVpsM0zxSXe7AwZeCZk2GLxO:55X2o6gsSg08A3CZtek

Malware Config

Targets

    • Target

      OnlyAssKicker.exe

    • Size

      20.0MB

    • MD5

      c364a5afcca4b5c3611f8d36e2957d61

    • SHA1

      fe5157421c25c9b589808dcb9822c1c66ec6172b

    • SHA256

      5ac54f6a14cd5848efee0d6e5456f436945ca004e9852cdfb869a74c4a89b276

    • SHA512

      ca8b49500e4e21cad51139a3b836a75a7d92f4bc75f0f0ca3d87e2dd3121e853e3dc7023256ec84f248eaa46b4e72e49dc8324144a755c49799e16aae9b30170

    • SSDEEP

      393216:d0X3MptnIVZd7p9mdLt/WVi0teZKwnOEGL26VjSQS6ya:dXDGL7p8dai06KRq6RSH6ya

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks