General
-
Target
BIG SHARK RAT Cracked.rar
-
Size
240.0MB
-
Sample
250103-ek7ezsymet
-
MD5
931ffdd1958e6c7acc54ebca99b40d4c
-
SHA1
673eebc8d0a036b2c6139b5b8cddaa34a2620c26
-
SHA256
a5e15d1002db60ae327e46c14bf3a449294bb62d75a8af2cc310b001c5ea23ba
-
SHA512
e5c5f997371fead97eb4ad9697aa24bf3b5127a8775864c666ae1a176f1d029781655186acd612ab80d8669708a0259b199b81a2ab94bdbd34b5729c57342cee
-
SSDEEP
6291456:meaQXwOIn6xrsgVBUsKHEvFa3lNGykkRm0yP8Skh:BXwH6KHEXd78p
Malware Config
Targets
-
-
Target
BIG SHARK RAT Cracked.rar
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-