813db2df28a0a1a206da88adf08ff83d56c54b539bf6480c146fa4486e6a7bed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

813db2df28a0a1a206da88adf08ff83d56c54b539bf6480c146fa4486e6a7bed
Size

723KB
Sample

221201-c3djhsga22
MD5

dd18f82892db3349db47a3b5fe156e8f
SHA1

02ec0ff9e0cc0ac93c58fdd98fc00150d6fdf42b
SHA256

813db2df28a0a1a206da88adf08ff83d56c54b539bf6480c146fa4486e6a7bed
SHA512

c4a191325cebf2d9dd91382a07f8380bc66088278baba63b78fb1c8399c2fc5335090fc451ab7fe68f3c817f677bde0a126fd4220f2cf2be9c25373b9d5494c4
SSDEEP

12288:9dqjxr2vGQS5QaNPr5lXWg6Eucw5FMP6wha6AqfpnBQ5rIILNQ7RxDvLHTpEx:/qR2PS57NNlX96ECDrTEjy

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  813db2df28a0a1a206da88adf08ff83d56c54b539bf6480c146fa4486e6a7bed
- Size
  
  723KB
- MD5
  
  dd18f82892db3349db47a3b5fe156e8f
- SHA1
  
  02ec0ff9e0cc0ac93c58fdd98fc00150d6fdf42b
- SHA256
  
  813db2df28a0a1a206da88adf08ff83d56c54b539bf6480c146fa4486e6a7bed
- SHA512
  
  c4a191325cebf2d9dd91382a07f8380bc66088278baba63b78fb1c8399c2fc5335090fc451ab7fe68f3c817f677bde0a126fd4220f2cf2be9c25373b9d5494c4
- SSDEEP
  
  12288:9dqjxr2vGQS5QaNPr5lXWg6Eucw5FMP6wha6AqfpnBQ5rIILNQ7RxDvLHTpEx:/qR2PS57NNlX96ECDrTEjy
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2