f30a867942507beb73c0870195da6c4a5a937781c5e07c279ea2f0c1d391e9c5 | Triage

Sharing

General

Target

f30a867942507beb73c0870195da6c4a5a937781c5e07c279ea2f0c1d391e9c5
Size

1.8MB
Sample

221125-1lacjagh82
MD5

3c24dd3aeecda6634fcd0795c9efad25
SHA1

f832dc72a0ee21f5b54097a8746b0720be450a16
SHA256

f30a867942507beb73c0870195da6c4a5a937781c5e07c279ea2f0c1d391e9c5
SHA512

6527c7fca467e89d777914608977d3c753e54b623f06c64d67df217ecc22d10f47b9d5e39626addd3f32a51c23b541d71d2d81a183270f00b8271f56ee41df48
SSDEEP

49152:EgPY/gWJU8inIxGt+WbgMLz/oB88QkaoY2TQ1K9f0JDMG:iiIAt+GDLz/Q9aoC1KuJDM

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  f30a867942507beb73c0870195da6c4a5a937781c5e07c279ea2f0c1d391e9c5
- Size
  
  1.8MB
- MD5
  
  3c24dd3aeecda6634fcd0795c9efad25
- SHA1
  
  f832dc72a0ee21f5b54097a8746b0720be450a16
- SHA256
  
  f30a867942507beb73c0870195da6c4a5a937781c5e07c279ea2f0c1d391e9c5
- SHA512
  
  6527c7fca467e89d777914608977d3c753e54b623f06c64d67df217ecc22d10f47b9d5e39626addd3f32a51c23b541d71d2d81a183270f00b8271f56ee41df48
- SSDEEP
  
  49152:EgPY/gWJU8inIxGt+WbgMLz/oB88QkaoY2TQ1K9f0JDMG:iiIAt+GDLz/Q9aoC1KuJDM
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Drops startup file
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2