55bfb82763adf5d91165df1e1237aa19abc6b71a4341f6208b09555704daff2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55bfb82763adf5d91165df1e1237aa19abc6b71a4341f6208b09555704daff2d
Size

776KB
Sample

221030-e8qr5sdcer
MD5

a31769bc3b7589ccd1a881e4171744a0
SHA1

b780cfb4f560eaec36e7d07fc9fccca577f59fd0
SHA256

55bfb82763adf5d91165df1e1237aa19abc6b71a4341f6208b09555704daff2d
SHA512

db6310801fc635ccd9731087d08c821a57ce9ccbf5d92a7f3cdf0ade3c0606dc3add4964e6ebc22badb0aac7da46c8d46420eef6c7e337254ec04cc8b0a073c5
SSDEEP

24576:4T2hJR4JtmAouk7KeWgmHgNlQEUE7bRGYCcMiMigKXGFl:k0KmTWj6UmR7zP1TE

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  55bfb82763adf5d91165df1e1237aa19abc6b71a4341f6208b09555704daff2d
- Size
  
  776KB
- MD5
  
  a31769bc3b7589ccd1a881e4171744a0
- SHA1
  
  b780cfb4f560eaec36e7d07fc9fccca577f59fd0
- SHA256
  
  55bfb82763adf5d91165df1e1237aa19abc6b71a4341f6208b09555704daff2d
- SHA512
  
  db6310801fc635ccd9731087d08c821a57ce9ccbf5d92a7f3cdf0ade3c0606dc3add4964e6ebc22badb0aac7da46c8d46420eef6c7e337254ec04cc8b0a073c5
- SSDEEP
  
  24576:4T2hJR4JtmAouk7KeWgmHgNlQEUE7bRGYCcMiMigKXGFl:k0KmTWj6UmR7zP1TE
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2