d895857478f48ce6561d616af4cd237e24b83af20553e29f3bc1c2b314000843 | Triage

Sharing

General

Target

d895857478f48ce6561d616af4cd237e24b83af20553e29f3bc1c2b314000843
Size

2.6MB
Sample

221123-zd27xacf29
MD5

8a2bab68c5ac3fe90789e8238a67d5ed
SHA1

09e2cac47af036a6866b4276ffa896fc508e402d
SHA256

d895857478f48ce6561d616af4cd237e24b83af20553e29f3bc1c2b314000843
SHA512

dc247dfb2f649652274b9084452c46e27b2d2f3a23b1502b46005cfa3802395910672ff4c30b89114f5f0c7517921c5056ece3cfee3c059144adc5f9f7913bb7
SSDEEP

49152:zXUJwp1CjTDHgi/DhJyTfnebV9ei+6lgao3LaFMikXzHDL67kn:bUJICjv9/DjyTfWnM8ZoWFIHv67kn

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  d895857478f48ce6561d616af4cd237e24b83af20553e29f3bc1c2b314000843
- Size
  
  2.6MB
- MD5
  
  8a2bab68c5ac3fe90789e8238a67d5ed
- SHA1
  
  09e2cac47af036a6866b4276ffa896fc508e402d
- SHA256
  
  d895857478f48ce6561d616af4cd237e24b83af20553e29f3bc1c2b314000843
- SHA512
  
  dc247dfb2f649652274b9084452c46e27b2d2f3a23b1502b46005cfa3802395910672ff4c30b89114f5f0c7517921c5056ece3cfee3c059144adc5f9f7913bb7
- SSDEEP
  
  49152:zXUJwp1CjTDHgi/DhJyTfnebV9ei+6lgao3LaFMikXzHDL67kn:bUJICjv9/DjyTfWnM8ZoWFIHv67kn
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2