d67164b5fc13a23ed050ca1dd1a820aa3ef87b52e82c9d4f3215b24058944c52 | Triage

Sharing

General

Target

d67164b5fc13a23ed050ca1dd1a820aa3ef87b52e82c9d4f3215b24058944c52
Size

3.4MB
Sample

221127-e8bm8aac23
MD5

10a069efe25fa1bf581659670b0722fb
SHA1

c688024e6ca69d15d8759c6b88f0b764956bde04
SHA256

d67164b5fc13a23ed050ca1dd1a820aa3ef87b52e82c9d4f3215b24058944c52
SHA512

fc42dd7b3f1ef05deb60fc2f4d9e81e26d41b66a07a50027a377242c73c432d35d4787f523d79abc32d23f1961fbd05cfc8ebba45efaab698b64bfd663036365
SSDEEP

98304:UtE/+2Fd7n0SsezbMuh03MP7vOyEmYaxR97Ttyd6tPfSuBaO:mC75sezp03uv9HtR97IuCc

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  d67164b5fc13a23ed050ca1dd1a820aa3ef87b52e82c9d4f3215b24058944c52
- Size
  
  3.4MB
- MD5
  
  10a069efe25fa1bf581659670b0722fb
- SHA1
  
  c688024e6ca69d15d8759c6b88f0b764956bde04
- SHA256
  
  d67164b5fc13a23ed050ca1dd1a820aa3ef87b52e82c9d4f3215b24058944c52
- SHA512
  
  fc42dd7b3f1ef05deb60fc2f4d9e81e26d41b66a07a50027a377242c73c432d35d4787f523d79abc32d23f1961fbd05cfc8ebba45efaab698b64bfd663036365
- SSDEEP
  
  98304:UtE/+2Fd7n0SsezbMuh03MP7vOyEmYaxR97Ttyd6tPfSuBaO:mC75sezp03uv9HtR97IuCc
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2