908998edac3468f70f7eb6745c3fafdddfbcfd4bbbbc915ce761f36dadb1b82a | Triage

Sharing

General

Target

908998edac3468f70f7eb6745c3fafdddfbcfd4bbbbc915ce761f36dadb1b82a
Size

737KB
Sample

221123-qyqvyafb78
MD5

df9941ce87d7e605c877f77374ff1d43
SHA1

d18bdd83fb7b210212ce3815c407a013c5346540
SHA256

908998edac3468f70f7eb6745c3fafdddfbcfd4bbbbc915ce761f36dadb1b82a
SHA512

351027ca9c1a425a5ef0ca24bc0c82ff563c38d469bd6fbd66d7fbc6202b8ea2ab252fb8f59e557ae88ae6f42698da6a779a66216bde22c18e0446b8cf58ecdd
SSDEEP

12288:GrO53mqOowXHaSsTId/rBLPGuBaXry6LT3ddAzJbovfkNaOk+Rp5byL3gFwSV0b7:+yf2H0TIrNuyI7T3JkNaJ+RjGTgzEUXQ

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  908998edac3468f70f7eb6745c3fafdddfbcfd4bbbbc915ce761f36dadb1b82a
- Size
  
  737KB
- MD5
  
  df9941ce87d7e605c877f77374ff1d43
- SHA1
  
  d18bdd83fb7b210212ce3815c407a013c5346540
- SHA256
  
  908998edac3468f70f7eb6745c3fafdddfbcfd4bbbbc915ce761f36dadb1b82a
- SHA512
  
  351027ca9c1a425a5ef0ca24bc0c82ff563c38d469bd6fbd66d7fbc6202b8ea2ab252fb8f59e557ae88ae6f42698da6a779a66216bde22c18e0446b8cf58ecdd
- SSDEEP
  
  12288:GrO53mqOowXHaSsTId/rBLPGuBaXry6LT3ddAzJbovfkNaOk+Rp5byL3gFwSV0b7:+yf2H0TIrNuyI7T3JkNaJ+RjGTgzEUXQ
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2