Overview

overview

9

Static

static

3131ca2b84...7a.exe

windows7-x64

9

3131ca2b84...7a.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    3131ca2b8404e6eaf6e9f03232a9648fc0b548fda8720acbc941b106d50f837a

  • Size

    1.9MB

  • Sample

    221123-zftnjsfh3s

  • MD5

    a27aa1aaba2ea3d568111ef7a2a25230

  • SHA1

    fc9b3c414c1c34a5ede39469ad4fca02bee681ba

  • SHA256

    3131ca2b8404e6eaf6e9f03232a9648fc0b548fda8720acbc941b106d50f837a

  • SHA512

    0048d580aac86e546e08f829ffe758c2e7e536a3ba3e749c86523acff0461fed8166e5fd73d2fa15c64ab23738c1d32ee0a3dc045140db86f2b0ddf20aa78c3d

  • SSDEEP

    49152:f2zxwgTfJg+91tg+W3P0PVUoyil6je30whMqnO:uNwgfJTCl8Koyo7kwhMqnO

Score
9/10
evasionupx

Malware Config

Targets

    • Target

      3131ca2b8404e6eaf6e9f03232a9648fc0b548fda8720acbc941b106d50f837a

    • Size

      1.9MB

    • MD5

      a27aa1aaba2ea3d568111ef7a2a25230

    • SHA1

      fc9b3c414c1c34a5ede39469ad4fca02bee681ba

    • SHA256

      3131ca2b8404e6eaf6e9f03232a9648fc0b548fda8720acbc941b106d50f837a

    • SHA512

      0048d580aac86e546e08f829ffe758c2e7e536a3ba3e749c86523acff0461fed8166e5fd73d2fa15c64ab23738c1d32ee0a3dc045140db86f2b0ddf20aa78c3d

    • SSDEEP

      49152:f2zxwgTfJg+91tg+W3P0PVUoyil6je30whMqnO:uNwgfJTCl8Koyo7kwhMqnO

    Score
    9/10
    evasionupx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks