5ec65b73c505fa221d5f9191ed767a1a027c60f8544392360c8d153955f594fc | Triage

Sharing

General

Target

document-130722.10498.iso
Size

3.8MB
Sample

220924-rtms6acgcl
MD5

1a9905f5741a42d40b45b6a7ae6106ec
SHA1

af11b5cf9b3d19912f53ecf7c8c34803575a0ecd
SHA256

5ec65b73c505fa221d5f9191ed767a1a027c60f8544392360c8d153955f594fc
SHA512

73bc1d5aaf67182079d71949fc048f9f8405a5fd826096fc0523c1f38a8dd8a40b25016ee593f446428fc1bbe33abc540e74a27e83d5e41a95660f06b1742f84
SSDEEP

98304:prZajYuLe1sCyexei+sawVPTmoRjl1Y4BZ9YvfC:p8e15k3o5Y4BZ9YvfC

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  document-130722.10498.lnk
- Size
  
  1KB
- MD5
  
  4fc5487f3a00ebde42c1f00e338fb9b0
- SHA1
  
  c129fef267cf6e76c565b9206a078fc1f2f78889
- SHA256
  
  32de9a1f6a2a109cb6dedc1cfa9b14e0ce443c53e1232b8c459fe0ad25f473b7
- SHA512
  
  1d77f640b27b0a537ab9121601e00956347b2641febe04261d1ef40688004344fa0d8e144d9167c273136162b346c9e565e394fc6fa008e11e529caefaf1e00b
Score

9^/10

evasion
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  wfNRQyZ3.dll
- Size
  
  2.5MB
- MD5
  
  9dea5835fdda192d4bb8f6cd4e95796a
- SHA1
  
  665125b86bd37fb06dbd7f885f9aaef88fe8b5ab
- SHA256
  
  b1c850a3bf6e7fee0be2f49b8fcd9702919e2a97d5d552471f32a19fcd6b84fe
- SHA512
  
  18dfc88274c8f61788193974d203847f9d2c0e8e7b82ca16d9cc2ff0b33b9a47b59a0064133c39e566858ce10f737a4a685ec684ee75ff8ed73a802503d090fd
- SSDEEP
  
  49152:/UV3vu1ezCyexei+sac9mEVZRTmoypijlyMY4QfE9L9qPvfC:L1sCyexei+sawVPTmoRjl1Y4BZ9YvfC
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4