General
- Target: SystemLanguage.zip
- Size: 7.0MB
- Sample: 250210-wmftgs1mav
- MD5: e85408b2eed92ba2e81129b1fcd337ab
- SHA1: 49acb19a56382c3f155820364d342d95ac817a0d
- SHA256: 710d9f879bf40d30248cb4aa3f23b216d5702021451ef7f7d445abdf85d851b0
- SHA512: c3b02b93d9edda644388ddddfc4b72f7acbe6469e6410ecdfcbe33fd3069f2e54e361e7367c070366073ba27ff15accc1299d9dae07614818ffbe6e0133acbe3
- SSDEEP: 98304:Hx25WgvEGxrac5KKlhO+4u1BMjvHkQP4pvzhqADX80iH2I3Pyj7KvkYTprsy07ek:UsUEGzEKG+4uyPRPqzhqADs0i+wrQck
Behavioral task: behavioral1
- Sample: SystemLanguage.exe
- Resource: win7-20240729-en

Behavioral task: behavioral2
- Sample: SystemLanguage.exe
- Resource: win10v2004-20250207-en
Malware Config

Targets
- Target: SystemLanguage.exe
- Size: 7.2MB
- MD5: 5f6bd390091f33aaae5fd29c12096309
- SHA1: 2d2afedeca2d770d0b82aa114f343cd67accf5e1
- SHA256: 85b9d581f0fb0c6000e5586d0aad392c7af2314d59eae33543a38d5d35d5160d
- SHA512: cdb64c283d66deb33c1ec2edab28c79af767b0f30f2265c793dbc0879b23a65d0a8e26d3758a04cceaa24ec4c712b3c8720f0d4ad7db3cfe144613c8c14bb892
- SSDEEP: 98304:aB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:XcUG4raKu24YY7HVT4hV0AD6QgqKRgX
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (3)
    - Credentials In Files (3)