ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357 | Triage

Sharing

General

Target

ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357
Size

825KB
Sample

221125-pvestsca9z
MD5

f6b746067124541442b153118fa1f839
SHA1

c4d09b404213b7fb0c14a47fce8b7f01baf67d0e
SHA256

ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357
SHA512

a56adc9fe00dad2e37a377888b93bcdba45afb6534e55fdd1689a4e383fc35517ab2d3913d7a7a485b076fc7fad3c548927d6a902332675bc0c86cc5f846c531
SSDEEP

12288:Z5TqrcHghrkp7PCwn9rzbxh65T4Bccme63u+MA34yXlZ2rL3i63OV3WjjkLz5+pP:Z5TqJrkpuErm58OeVeosZQ3ih9WHG

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357
- Size
  
  825KB
- MD5
  
  f6b746067124541442b153118fa1f839
- SHA1
  
  c4d09b404213b7fb0c14a47fce8b7f01baf67d0e
- SHA256
  
  ce22c2efe7acbe71251cf4e1cb6b1681d77a66b4bc0be9110acda2ee88b9a357
- SHA512
  
  a56adc9fe00dad2e37a377888b93bcdba45afb6534e55fdd1689a4e383fc35517ab2d3913d7a7a485b076fc7fad3c548927d6a902332675bc0c86cc5f846c531
- SSDEEP
  
  12288:Z5TqrcHghrkp7PCwn9rzbxh65T4Bccme63u+MA34yXlZ2rL3i63OV3WjjkLz5+pP:Z5TqJrkpuErm58OeVeosZQ3ih9WHG
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2