General
- Target: OnlyAssKicker.rar
- Size: 17.2MB
- Sample: 241223-r5pf5asnhl
- MD5: 09380bb26e522a8b38821331bfecab75
- SHA1: 4cbd5aa5d25cf358ea2b232e2c6cd0cdcc74ff98
- SHA256: 3de8de7e4e656bf3cd1c23e00477a9d30c2f44a152c028fc290b7d19646cb29f
- SHA512: 598bca48db07364b0756a0a3cd1c8dcb67dbfe1739c73accebdeca28fa3709c615f4e83f051a663983adbdf7b2f1a05686b9d50ae26385afaec2f2cd47fea0a1
- SSDEEP: 393216:5U//YX2o6gsnSKUVpsM0zxSXe7AwZeCZk2GLxO:55X2o6gsSg08A3CZtek
Behavioral task
behavioral1
- Sample: OnlyAssKicker.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: OnlyAssKicker.exe
- Size: 20.0MB
- MD5: c364a5afcca4b5c3611f8d36e2957d61
- SHA1: fe5157421c25c9b589808dcb9822c1c66ec6172b
- SHA256: 5ac54f6a14cd5848efee0d6e5456f436945ca004e9852cdfb869a74c4a89b276
- SHA512: ca8b49500e4e21cad51139a3b836a75a7d92f4bc75f0f0ca3d87e2dd3121e853e3dc7023256ec84f248eaa46b4e72e49dc8324144a755c49799e16aae9b30170
- SSDEEP: 393216:d0X3MptnIVZd7p9mdLt/WVi0teZKwnOEGL26VjSQS6ya:dXDGL7p8dai06KRq6RSH6ya
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger