43b044e0f4fe3cd3614d5ad760f7625d9799eb1464a956477f427fbc21d05258 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43b044e0f4fe3cd3614d5ad760f7625d9799eb1464a956477f427fbc21d05258
Size

814KB
Sample

221020-zn5qsaeadl
MD5

900b5397310009afec859c44a9bbad00
SHA1

3d2b54dbe9238e4729d8c5b5456058e8aaa093a0
SHA256

43b044e0f4fe3cd3614d5ad760f7625d9799eb1464a956477f427fbc21d05258
SHA512

263bac5a78f797c3693c1ad940539fc3abf0cfea7ad70fd3c329e7b913ad18d044834b0b944a8c286d331768600a65a67e674218308d2c569e7406aa84ef4294
SSDEEP

12288:FgP2TLbG9nOPWz1k1gSKSjDR44dNgXivCdZGdYweo613rQJbVcr+r+:rTcDmgSKSn+pXGaoWrQJBBr

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  43b044e0f4fe3cd3614d5ad760f7625d9799eb1464a956477f427fbc21d05258
- Size
  
  814KB
- MD5
  
  900b5397310009afec859c44a9bbad00
- SHA1
  
  3d2b54dbe9238e4729d8c5b5456058e8aaa093a0
- SHA256
  
  43b044e0f4fe3cd3614d5ad760f7625d9799eb1464a956477f427fbc21d05258
- SHA512
  
  263bac5a78f797c3693c1ad940539fc3abf0cfea7ad70fd3c329e7b913ad18d044834b0b944a8c286d331768600a65a67e674218308d2c569e7406aa84ef4294
- SSDEEP
  
  12288:FgP2TLbG9nOPWz1k1gSKSjDR44dNgXivCdZGdYweo613rQJbVcr+r+:rTcDmgSKSn+pXGaoWrQJBBr
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2