General
-
Target
21d5abd8958b27c84f529d65dc173ccb9fa16c8aef7dfc4155bdd43af975aa44
-
Size
2.0MB
-
Sample
221125-j4hm7age4w
-
MD5
8b9c90eadea4813f4ed88f2fd2514051
-
SHA1
5fa5acdc0a992852adb1f0f8abe89e91275870df
-
SHA256
21d5abd8958b27c84f529d65dc173ccb9fa16c8aef7dfc4155bdd43af975aa44
-
SHA512
233aa12dba23fd5ae67f35d775916be293639e80d858fb861b8d741ec73faeec00eeda1d23f78f9f4d62229b8b5321b21b6f4f4b19dee1da8d1a2a3821f6d8aa
-
SSDEEP
49152:oThCyvCn05iiti9qo/3xgFZiKxlShWdh9uAnGr5FmcI:oVCsxtc+QhVAnOm5
Behavioral task
behavioral1
Sample
21d5abd8958b27c84f529d65dc173ccb9fa16c8aef7dfc4155bdd43af975aa44.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
21d5abd8958b27c84f529d65dc173ccb9fa16c8aef7dfc4155bdd43af975aa44
-
Size
2.0MB
-
MD5
8b9c90eadea4813f4ed88f2fd2514051
-
SHA1
5fa5acdc0a992852adb1f0f8abe89e91275870df
-
SHA256
21d5abd8958b27c84f529d65dc173ccb9fa16c8aef7dfc4155bdd43af975aa44
-
SHA512
233aa12dba23fd5ae67f35d775916be293639e80d858fb861b8d741ec73faeec00eeda1d23f78f9f4d62229b8b5321b21b6f4f4b19dee1da8d1a2a3821f6d8aa
-
SSDEEP
49152:oThCyvCn05iiti9qo/3xgFZiKxlShWdh9uAnGr5FmcI:oVCsxtc+QhVAnOm5
Score7/10-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-