867c88b3ca10a3cee73ee5494ebf49dd534787150a647d49ec9fed9f56674a5d | Triage

Sharing

General

Target

867c88b3ca10a3cee73ee5494ebf49dd534787150a647d49ec9fed9f56674a5d
Size

806KB
Sample

221019-2awbasbbbj
MD5

915dfb806d8e7939270c8495ca762a1d
SHA1

be41eb6b9d5bf7cd2f9c6f6df63ea348313eabf2
SHA256

867c88b3ca10a3cee73ee5494ebf49dd534787150a647d49ec9fed9f56674a5d
SHA512

807c0b2e30b17a200444c4b56c95a44b9308d4a5faf4849e81b8f905575a70b987c9bd743168b090ae0d93e5237f3fe9c3877ad07399d24f9d28fc16b86743ad
SSDEEP

24576:hKjJTKU7ML0UeHeCPZhalSQGpzKKvLfx9vCKo0pSFwGSpj:hKjsUQwUehZhB1rDXvNgc

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  867c88b3ca10a3cee73ee5494ebf49dd534787150a647d49ec9fed9f56674a5d
- Size
  
  806KB
- MD5
  
  915dfb806d8e7939270c8495ca762a1d
- SHA1
  
  be41eb6b9d5bf7cd2f9c6f6df63ea348313eabf2
- SHA256
  
  867c88b3ca10a3cee73ee5494ebf49dd534787150a647d49ec9fed9f56674a5d
- SHA512
  
  807c0b2e30b17a200444c4b56c95a44b9308d4a5faf4849e81b8f905575a70b987c9bd743168b090ae0d93e5237f3fe9c3877ad07399d24f9d28fc16b86743ad
- SSDEEP
  
  24576:hKjJTKU7ML0UeHeCPZhalSQGpzKKvLfx9vCKo0pSFwGSpj:hKjsUQwUehZhB1rDXvNgc
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2