Overview

overview

9

Static

static

b38d2dae93...30.exe

windows7-x64

9

b38d2dae93...30.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    b38d2dae93bd84d21220af1eca86ec8f49573ed8693a052b392d9cec05f5f330

  • Size

    2.7MB

  • Sample

    221127-njtxyagf9w

  • MD5

    5e15d855ee974151f00549d749153d4b

  • SHA1

    f524c6a7b879fcfef2699b76b9e5378ae27eb650

  • SHA256

    b38d2dae93bd84d21220af1eca86ec8f49573ed8693a052b392d9cec05f5f330

  • SHA512

    38d9017181d535558bdbb413231955345130ff86e324527a02770896f2716a50bcb014e9f07ad5954e1a9bd93f8b980566aeff661bc6bef84c39788f1558f548

  • SSDEEP

    49152:N4BKafM2m8n9dz9gv2iRvMJceoPxPtpdD+a6UMU5aIEobrCOVVbHchvRjR:um8nvz9geiRsXoPyOaobmWCvZR

Score
9/10
evasion

Malware Config

Targets

    • Target

      b38d2dae93bd84d21220af1eca86ec8f49573ed8693a052b392d9cec05f5f330

    • Size

      2.7MB

    • MD5

      5e15d855ee974151f00549d749153d4b

    • SHA1

      f524c6a7b879fcfef2699b76b9e5378ae27eb650

    • SHA256

      b38d2dae93bd84d21220af1eca86ec8f49573ed8693a052b392d9cec05f5f330

    • SHA512

      38d9017181d535558bdbb413231955345130ff86e324527a02770896f2716a50bcb014e9f07ad5954e1a9bd93f8b980566aeff661bc6bef84c39788f1558f548

    • SSDEEP

      49152:N4BKafM2m8n9dz9gv2iRvMJceoPxPtpdD+a6UMU5aIEobrCOVVbHchvRjR:um8nvz9geiRsXoPyOaobmWCvZR

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks