c0a6c28345195508e28c0ec0b66b9649e6b1858f786ba19f4962ce54f98adc0d | Triage

Sharing

General

Target

c0a6c28345195508e28c0ec0b66b9649e6b1858f786ba19f4962ce54f98adc0d
Size

1.2MB
Sample

221203-q744xsfc73
MD5

0b290ad9a4c8ef3e240e8c1e921b4173
SHA1

8c6a277e702334c296773d314fac692560874f21
SHA256

c0a6c28345195508e28c0ec0b66b9649e6b1858f786ba19f4962ce54f98adc0d
SHA512

05792c6e1dabff8b973a3f7491c382b1bf3dad4a19421c113a911eb3bc910cc06a1c6361448c8fe35c20a50db06008f250952e34f82b4c65a26978395814b3fb
SSDEEP

24576:MQxzUuGtLwlJtRK91SgmDMbivYiUHhwj+sK8hAO8x:dDGZ82knY7ij+slg

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  c0a6c28345195508e28c0ec0b66b9649e6b1858f786ba19f4962ce54f98adc0d
- Size
  
  1.2MB
- MD5
  
  0b290ad9a4c8ef3e240e8c1e921b4173
- SHA1
  
  8c6a277e702334c296773d314fac692560874f21
- SHA256
  
  c0a6c28345195508e28c0ec0b66b9649e6b1858f786ba19f4962ce54f98adc0d
- SHA512
  
  05792c6e1dabff8b973a3f7491c382b1bf3dad4a19421c113a911eb3bc910cc06a1c6361448c8fe35c20a50db06008f250952e34f82b4c65a26978395814b3fb
- SSDEEP
  
  24576:MQxzUuGtLwlJtRK91SgmDMbivYiUHhwj+sK8hAO8x:dDGZ82knY7ij+slg
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2