General

  • Target

    pafish.exe

  • Size

    75KB

  • Sample

    201125-n4jqxp8yrn

  • MD5

    9159edb64c4a21d8888d088bf2db23f3

  • SHA1

    124f46228d1e220d88ae5e9a24d6e713039a64f9

  • SHA256

    2180f4a13add5e346e8cf6994876a9d2f5eac3fcb695db8569537010d24cd6d5

  • SHA512

    4b6d56b81dd3cd42bb53fc8d68b5c8ef0d6c85ebcc503cd042ae5c19e8965e6477f259a02bafb9c5c66956ae1023fc30e3be5bbcd526eacc8480f93d74c1ab7c

Score
9/10

Targets

  • Enumerates VirtualBox registry keys

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

  • Looks for VirtualBox Guest Additions in registry

  • Looks for VMWare Tools registry key

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 5 signatures

  • Discovery

    Query Registry (T1012): 6 signatures

    Virtualization/Sandbox Evasion (T1497): 5 signatures

    System Information Discovery (T1082): 1 signature
