b4d87b2343b86d2600dd621009a6d582fc5d6966405232ff9102d2b2ddddad20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4d87b2343b86d2600dd621009a6d582fc5d6966405232ff9102d2b2ddddad20
Size

1.3MB
Sample

221127-r4gpwsee49
MD5

b7022dc71a2cd1d7ead05c99389abb3c
SHA1

de2b6c640b4f3a076f48a0309c14e61e427f7da1
SHA256

b4d87b2343b86d2600dd621009a6d582fc5d6966405232ff9102d2b2ddddad20
SHA512

5eceb4ac7081b8725f4c889af57f91c8538e3eee880f8aeb5ef69a589c06b8f1641ae838d8fbe6588c111fc28ee9228cf529256a553f506ce96a28a0826b8764
SSDEEP

24576:tdq1aEzqms5S5VKJiZQgk9qwgGo56nT67L5UaaOfyhMJ3cMYjezu4zx1AFlzejRj:a1hc5S5rZbk9qw+sTOLtaqMMYazuM1eU

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  b4d87b2343b86d2600dd621009a6d582fc5d6966405232ff9102d2b2ddddad20
- Size
  
  1.3MB
- MD5
  
  b7022dc71a2cd1d7ead05c99389abb3c
- SHA1
  
  de2b6c640b4f3a076f48a0309c14e61e427f7da1
- SHA256
  
  b4d87b2343b86d2600dd621009a6d582fc5d6966405232ff9102d2b2ddddad20
- SHA512
  
  5eceb4ac7081b8725f4c889af57f91c8538e3eee880f8aeb5ef69a589c06b8f1641ae838d8fbe6588c111fc28ee9228cf529256a553f506ce96a28a0826b8764
- SSDEEP
  
  24576:tdq1aEzqms5S5VKJiZQgk9qwgGo56nT67L5UaaOfyhMJ3cMYjezu4zx1AFlzejRj:a1hc5S5rZbk9qw+sTOLtaqMMYazuM1eU
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2