7613d7fa04b0074ddd9ce38c22537f244c212eb118fa97f7451a280cffa7b31c | Triage

Sharing

General

Target

7613d7fa04b0074ddd9ce38c22537f244c212eb118fa97f7451a280cffa7b31c
Size

706KB
Sample

221129-jgy2nacf2w
MD5

36c674ce043ec865cf020f621c3aae61
SHA1

b888f8525759ca7fa71b75a4ed9457d4683125bf
SHA256

7613d7fa04b0074ddd9ce38c22537f244c212eb118fa97f7451a280cffa7b31c
SHA512

44cbc78833f07cb03f26a769b8684932aae66c78b91156733e3388237af120025605e1ad161bcc5acc16ef8e65cc6ce2b3ecf154bf4b88825f1876be13af5f29
SSDEEP

12288:3pvcrpmLZKp32+aReKaHA45iMPIMizUV74oAyE+uLnzrKfSHZBe+jtIsLdjT9CDg:3FbKR2MbZiU1AyE+QvKfge+jtfJ9KxS

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  7613d7fa04b0074ddd9ce38c22537f244c212eb118fa97f7451a280cffa7b31c
- Size
  
  706KB
- MD5
  
  36c674ce043ec865cf020f621c3aae61
- SHA1
  
  b888f8525759ca7fa71b75a4ed9457d4683125bf
- SHA256
  
  7613d7fa04b0074ddd9ce38c22537f244c212eb118fa97f7451a280cffa7b31c
- SHA512
  
  44cbc78833f07cb03f26a769b8684932aae66c78b91156733e3388237af120025605e1ad161bcc5acc16ef8e65cc6ce2b3ecf154bf4b88825f1876be13af5f29
- SSDEEP
  
  12288:3pvcrpmLZKp32+aReKaHA45iMPIMizUV74oAyE+uLnzrKfSHZBe+jtIsLdjT9CDg:3FbKR2MbZiU1AyE+QvKfge+jtfJ9KxS
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2