25587b1e1d55ec2cd8794168cecafe1c5fd82c38df987a329c6968131663fb30 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25587b1e1d55ec2cd8794168cecafe1c5fd82c38df987a329c6968131663fb30
Size

1.7MB
Sample

221127-xetwtaec7x
MD5

6bc0deab692aea4a95c5e1220cc428d2
SHA1

e3dcf818c0a01d517f4ec9fa8c397bb41e511cbb
SHA256

25587b1e1d55ec2cd8794168cecafe1c5fd82c38df987a329c6968131663fb30
SHA512

40e47b3b46b71ac8d548f3f731851630d8c75a21aa296e590c4b572cb3b901270c690e33331608a14b97e3038a55bac0f33e33f91848b5067254041af0c0944b
SSDEEP

24576:2svJ+MqOKLOiI2DA6r76vLY3u1+BRWyYSCCCQrBsFdq/+siVKveT0L2TdMo1j9Jq:zJfKLPAaDu1+LchBQrdViVKmIyZMWjj

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  25587b1e1d55ec2cd8794168cecafe1c5fd82c38df987a329c6968131663fb30
- Size
  
  1.7MB
- MD5
  
  6bc0deab692aea4a95c5e1220cc428d2
- SHA1
  
  e3dcf818c0a01d517f4ec9fa8c397bb41e511cbb
- SHA256
  
  25587b1e1d55ec2cd8794168cecafe1c5fd82c38df987a329c6968131663fb30
- SHA512
  
  40e47b3b46b71ac8d548f3f731851630d8c75a21aa296e590c4b572cb3b901270c690e33331608a14b97e3038a55bac0f33e33f91848b5067254041af0c0944b
- SSDEEP
  
  24576:2svJ+MqOKLOiI2DA6r76vLY3u1+BRWyYSCCCQrBsFdq/+siVKveT0L2TdMo1j9Jq:zJfKLPAaDu1+LchBQrdViVKmIyZMWjj
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2