ec76e384b8af62843556499e9f15dccd8d00a4994fa1f32fba0e8f9b3cbfed3f | Triage

Sharing

General

Target

ec76e384b8af62843556499e9f15dccd8d00a4994fa1f32fba0e8f9b3cbfed3f
Size

1.2MB
Sample

221126-3ptxfsgh7s
MD5

b69e8ea1045d58d6f54c346c491acf9d
SHA1

cd1ca42900a440e19b1c198195e039603f8034c4
SHA256

ec76e384b8af62843556499e9f15dccd8d00a4994fa1f32fba0e8f9b3cbfed3f
SHA512

c08d4d6889e603ab6746eb228cb2ed7aa938330b7d75d710d524f9b48c98d1279dc359dd02a3e14d0201c808c2619f171d1465e7bd85083395e128b22ce57e31
SSDEEP

24576:HTH/O02E7HfT0Ff1+aNcShCveQY7gj+YKK6fUav1B+whRyqqOakUe:j/OGzb0R1TcShfQ1+NKwvWqqVkUe

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  ec76e384b8af62843556499e9f15dccd8d00a4994fa1f32fba0e8f9b3cbfed3f
- Size
  
  1.2MB
- MD5
  
  b69e8ea1045d58d6f54c346c491acf9d
- SHA1
  
  cd1ca42900a440e19b1c198195e039603f8034c4
- SHA256
  
  ec76e384b8af62843556499e9f15dccd8d00a4994fa1f32fba0e8f9b3cbfed3f
- SHA512
  
  c08d4d6889e603ab6746eb228cb2ed7aa938330b7d75d710d524f9b48c98d1279dc359dd02a3e14d0201c808c2619f171d1465e7bd85083395e128b22ce57e31
- SSDEEP
  
  24576:HTH/O02E7HfT0Ff1+aNcShCveQY7gj+YKK6fUav1B+whRyqqOakUe:j/OGzb0R1TcShfQ1+NKwvWqqVkUe
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2