8c0da9a43ce62436657b266370ac18af722bde6ae6430107baa56ef2a7b5e70f | Triage

Sharing

General

Target

8c0da9a43ce62436657b266370ac18af722bde6ae6430107baa56ef2a7b5e70f
Size

820KB
Sample

221123-xlgj3aad2v
MD5

79fbb5176d534a1e7329f323e8441bf7
SHA1

9714680debbb99b5f3b5f2d9dfc9c0f4922baf0e
SHA256

8c0da9a43ce62436657b266370ac18af722bde6ae6430107baa56ef2a7b5e70f
SHA512

6420e4469cc9b1cf176191dbe4f1a984a479b80173956af273900caf1890cd38223ce2e103d36da151833e3537f97c7d4964a7d3bd869feaf0b932a8cdab5702
SSDEEP

24576:n9JtFP8IDLNqSiZCmHhlKPn3JQ/ZKJ+cFyi:nkMn6ePnZQ/ZKIc

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  8c0da9a43ce62436657b266370ac18af722bde6ae6430107baa56ef2a7b5e70f
- Size
  
  820KB
- MD5
  
  79fbb5176d534a1e7329f323e8441bf7
- SHA1
  
  9714680debbb99b5f3b5f2d9dfc9c0f4922baf0e
- SHA256
  
  8c0da9a43ce62436657b266370ac18af722bde6ae6430107baa56ef2a7b5e70f
- SHA512
  
  6420e4469cc9b1cf176191dbe4f1a984a479b80173956af273900caf1890cd38223ce2e103d36da151833e3537f97c7d4964a7d3bd869feaf0b932a8cdab5702
- SSDEEP
  
  24576:n9JtFP8IDLNqSiZCmHhlKPn3JQ/ZKJ+cFyi:nkMn6ePnZQ/ZKIc
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2