General

  • Target

    BIG SHARK RAT Cracked.rar

  • Size

    240.0MB

  • Sample

    250103-ek7ezsymet

  • MD5

    931ffdd1958e6c7acc54ebca99b40d4c

  • SHA1

    673eebc8d0a036b2c6139b5b8cddaa34a2620c26

  • SHA256

    a5e15d1002db60ae327e46c14bf3a449294bb62d75a8af2cc310b001c5ea23ba

  • SHA512

    e5c5f997371fead97eb4ad9697aa24bf3b5127a8775864c666ae1a176f1d029781655186acd612ab80d8669708a0259b199b81a2ab94bdbd34b5729c57342cee

  • SSDEEP

    6291456:meaQXwOIn6xrsgVBUsKHEvFa3lNGykkRm0yP8Skh:BXwH6KHEXd78p

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks