79720647a2498617ce72fca259a09e11ba5530cbb9194f7b1e5a6afb9a28bb42 | Triage

Sharing

General

Target

79720647a2498617ce72fca259a09e11ba5530cbb9194f7b1e5a6afb9a28bb42
Size

741KB
Sample

221201-c9jn4sge62
MD5

3f46931b9bda7ba7567a533f7ef2754f
SHA1

abcdf308fbcaad81056857fe618199ada41b186e
SHA256

79720647a2498617ce72fca259a09e11ba5530cbb9194f7b1e5a6afb9a28bb42
SHA512

6585cbde38f47faf4a95dece39d50ce1748c02ea2d393c587ce3f4fe83315365515025187caac66a91258424f1d78ea07eff5faff77346c68d328e799c45f7bd
SSDEEP

12288:nArncnqeTPWyQSP6kLz+wlN35JM2XyQy/3HFLaGjMn4jhxyA/eh469:Qncqea3StfJNJJRXry/Xdv0UhEAc4m

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  79720647a2498617ce72fca259a09e11ba5530cbb9194f7b1e5a6afb9a28bb42
- Size
  
  741KB
- MD5
  
  3f46931b9bda7ba7567a533f7ef2754f
- SHA1
  
  abcdf308fbcaad81056857fe618199ada41b186e
- SHA256
  
  79720647a2498617ce72fca259a09e11ba5530cbb9194f7b1e5a6afb9a28bb42
- SHA512
  
  6585cbde38f47faf4a95dece39d50ce1748c02ea2d393c587ce3f4fe83315365515025187caac66a91258424f1d78ea07eff5faff77346c68d328e799c45f7bd
- SSDEEP
  
  12288:nArncnqeTPWyQSP6kLz+wlN35JM2XyQy/3HFLaGjMn4jhxyA/eh469:Qncqea3StfJNJJRXry/Xdv0UhEAc4m
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2