337e76cb56aecf6d3d7c4606504615dd5efbc2bae6ae1d82b5c9c626be755187 | Triage

Sharing

General

Target

337e76cb56aecf6d3d7c4606504615dd5efbc2bae6ae1d82b5c9c626be755187
Size

1.7MB
Sample

221123-zecnmscf49
MD5

d6b4e2a9a9a90ef118c6ba8d0ed91f73
SHA1

77beb1a43606ca91364d2f49c78320a52bfdb228
SHA256

337e76cb56aecf6d3d7c4606504615dd5efbc2bae6ae1d82b5c9c626be755187
SHA512

e5275aac5409e729e9c9d775cd72a06f4c66d2da580b77a811fd7be6aec790f97e99e2d2f50d6b233f3f8b0a1b2e850f554fcabe4dc5a9e9c0b7ba60e8efd123
SSDEEP

24576:iril7MZhdzOAZjiR37AKxeuA4nN3zJh+hKSJWDTK2GONIjkm8kaXIsfXIb5JEFBy:iIMZjzDjiRrJzwdWaFOKAmGfXIdcbA

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  337e76cb56aecf6d3d7c4606504615dd5efbc2bae6ae1d82b5c9c626be755187
- Size
  
  1.7MB
- MD5
  
  d6b4e2a9a9a90ef118c6ba8d0ed91f73
- SHA1
  
  77beb1a43606ca91364d2f49c78320a52bfdb228
- SHA256
  
  337e76cb56aecf6d3d7c4606504615dd5efbc2bae6ae1d82b5c9c626be755187
- SHA512
  
  e5275aac5409e729e9c9d775cd72a06f4c66d2da580b77a811fd7be6aec790f97e99e2d2f50d6b233f3f8b0a1b2e850f554fcabe4dc5a9e9c0b7ba60e8efd123
- SSDEEP
  
  24576:iril7MZhdzOAZjiR37AKxeuA4nN3zJh+hKSJWDTK2GONIjkm8kaXIsfXIb5JEFBy:iIMZjzDjiRrJzwdWaFOKAmGfXIdcbA
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2