b1de633435ef8c90e50c1a8f22b2fe493c22df26b81870c3381ed306ada540e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1de633435ef8c90e50c1a8f22b2fe493c22df26b81870c3381ed306ada540e9
Size

1.1MB
Sample

221003-a5ztesbadl
MD5

658a0e9e1b5279258907b0ee0d7d7090
SHA1

3113b56afb6a8d58ff86581e4649849a9f049bed
SHA256

b1de633435ef8c90e50c1a8f22b2fe493c22df26b81870c3381ed306ada540e9
SHA512

da704cd871646935c672e46fa97e18bdbe870558e51883744e98b7ec3007ac838268fb474cb62659946f76df3b81c633546ec700fede4d687bc910c2b2269254
SSDEEP

24576:5jwBcQopDGANHHT4PhILHgEoIRDbP1uUtjhJQ8+e6BMmp+j27CUkAv:1wBFANHzWyLHxLRxL6BzqfAv

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  b1de633435ef8c90e50c1a8f22b2fe493c22df26b81870c3381ed306ada540e9
- Size
  
  1.1MB
- MD5
  
  658a0e9e1b5279258907b0ee0d7d7090
- SHA1
  
  3113b56afb6a8d58ff86581e4649849a9f049bed
- SHA256
  
  b1de633435ef8c90e50c1a8f22b2fe493c22df26b81870c3381ed306ada540e9
- SHA512
  
  da704cd871646935c672e46fa97e18bdbe870558e51883744e98b7ec3007ac838268fb474cb62659946f76df3b81c633546ec700fede4d687bc910c2b2269254
- SSDEEP
  
  24576:5jwBcQopDGANHHT4PhILHgEoIRDbP1uUtjhJQ8+e6BMmp+j27CUkAv:1wBFANHzWyLHxLRxL6BzqfAv
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2