af78c77e15f9f33aef365ad7ac3ebb67f1c0e811b393c1fb195b010d4f6651d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af78c77e15f9f33aef365ad7ac3ebb67f1c0e811b393c1fb195b010d4f6651d9
Size

942KB
Sample

221205-vbs41aca4z
MD5

c637c6909f2456a453c9b1da0f2e798f
SHA1

3587855053bacb7bf3e1d5340a99ac41410eb03f
SHA256

af78c77e15f9f33aef365ad7ac3ebb67f1c0e811b393c1fb195b010d4f6651d9
SHA512

cae19ada459140b0ca7f0bbe12e9d3101f0d02c2f5f2563d101a6a64b654b47649cb3186b371dacd10e32bbd899bfa440d710b546c878039d74456375399c5fa
SSDEEP

24576:H6AEGUhvlj2+tJ+ff7ijwo/N5CUjRXTmAxQzcCVKaY1y:H6x3lXefGNDXzUciTH

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  af78c77e15f9f33aef365ad7ac3ebb67f1c0e811b393c1fb195b010d4f6651d9
- Size
  
  942KB
- MD5
  
  c637c6909f2456a453c9b1da0f2e798f
- SHA1
  
  3587855053bacb7bf3e1d5340a99ac41410eb03f
- SHA256
  
  af78c77e15f9f33aef365ad7ac3ebb67f1c0e811b393c1fb195b010d4f6651d9
- SHA512
  
  cae19ada459140b0ca7f0bbe12e9d3101f0d02c2f5f2563d101a6a64b654b47649cb3186b371dacd10e32bbd899bfa440d710b546c878039d74456375399c5fa
- SSDEEP
  
  24576:H6AEGUhvlj2+tJ+ff7ijwo/N5CUjRXTmAxQzcCVKaY1y:H6x3lXefGNDXzUciTH
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2