b7b742027f7dba7c2ca936e69650f21f1e2c249698bbff40f70cedb0783990a4 | Triage

Sharing

General

Target

b7b742027f7dba7c2ca936e69650f21f1e2c249698bbff40f70cedb0783990a4
Size

1.3MB
Sample

221126-vqhltaaf93
MD5

615d1137ea8dff5bc2e32500509da5a1
SHA1

d210e5f9ac887cc9a4706c89cd3728b14dd7e996
SHA256

b7b742027f7dba7c2ca936e69650f21f1e2c249698bbff40f70cedb0783990a4
SHA512

40c956ca9dac2d12479686a01671e1f275f09cd2ee61d01a3c0d9c83d8346ff643408eb4b753d2b60ce1aeb103607ea9e7780e9a5843dd6b7ee5256fde029f66
SSDEEP

24576:hf+KPyNSARNj7IwbjcLxSBFOWbmCDBvuVCOb5bjnP+XRJXgvvDtVEjEYR0vLwkF:v6NSuRtcLEBFOCmCDdAJwYHDDEfRro

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  b7b742027f7dba7c2ca936e69650f21f1e2c249698bbff40f70cedb0783990a4
- Size
  
  1.3MB
- MD5
  
  615d1137ea8dff5bc2e32500509da5a1
- SHA1
  
  d210e5f9ac887cc9a4706c89cd3728b14dd7e996
- SHA256
  
  b7b742027f7dba7c2ca936e69650f21f1e2c249698bbff40f70cedb0783990a4
- SHA512
  
  40c956ca9dac2d12479686a01671e1f275f09cd2ee61d01a3c0d9c83d8346ff643408eb4b753d2b60ce1aeb103607ea9e7780e9a5843dd6b7ee5256fde029f66
- SSDEEP
  
  24576:hf+KPyNSARNj7IwbjcLxSBFOWbmCDBvuVCOb5bjnP+XRJXgvvDtVEjEYR0vLwkF:v6NSuRtcLEBFOCmCDdAJwYHDDEfRro
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2