52213f9383e857192fee2e1d3de52ff443de128ec2f707ce2a2891a25cabac63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52213f9383e857192fee2e1d3de52ff443de128ec2f707ce2a2891a25cabac63
Size

4.7MB
Sample

221014-xnjr7sebc6
MD5

0c16c996fae4a21caaaf404b9e481e41
SHA1

72f4361438c1aa241e90c2728d4e3425869ea3d7
SHA256

52213f9383e857192fee2e1d3de52ff443de128ec2f707ce2a2891a25cabac63
SHA512

a733262a1cb404934dcf7592f2091e0813ce2acaaac06f73954a6fc2ec5b1ac1e7bae55b05b7ac9a580520670bb1fd812f0d848b530aba4f45fb1fe1a6198754
SSDEEP

98304:te+d4wBEUmWwjAaoDbH6J+yPhlhi4JZhpa9hZcpXT1QorMN/GB:te+lI0lCIyPhlhfZKPchT10/GB

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  52213f9383e857192fee2e1d3de52ff443de128ec2f707ce2a2891a25cabac63
- Size
  
  4.7MB
- MD5
  
  0c16c996fae4a21caaaf404b9e481e41
- SHA1
  
  72f4361438c1aa241e90c2728d4e3425869ea3d7
- SHA256
  
  52213f9383e857192fee2e1d3de52ff443de128ec2f707ce2a2891a25cabac63
- SHA512
  
  a733262a1cb404934dcf7592f2091e0813ce2acaaac06f73954a6fc2ec5b1ac1e7bae55b05b7ac9a580520670bb1fd812f0d848b530aba4f45fb1fe1a6198754
- SSDEEP
  
  98304:te+d4wBEUmWwjAaoDbH6J+yPhlhi4JZhpa9hZcpXT1QorMN/GB:te+lI0lCIyPhlhfZKPchT10/GB
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2