General
Target: RoninTweaksCLI.bat
Size: 20.4MB
Sample: 250112-bj7skszqcl
MD5: 97677e95c911e9d50ed31116686f623e
SHA1: 569153701ca741b98e6d3bc60f88866d40c87ba4
SHA256: a453512cf45c3d69400c96fb2d4fde739e101a71d3a9e57fb488634cfba1a119
SHA512: 0dd60ca16d724a978a8afe70f020659f24cade852ebb6cc1f0b5fdd140ec05aef4649eb8442fb9cb1861eaf3c86ca88213115d590c1233e53d3d39682d70e5ed
SSDEEP: 393216:MuktptnIVZd7p9mdLt/WVi0teZKwnOEGL26VjSQS6ya:0tDGL7p8dai06KRq6RSH6ya
Behavioral task
behavioral1
Sample: RoninTweaksCLI.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: RoninTweaksCLI.bat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger