fa1c0c271fc89651bc40cc1b4cee1a565d1ab8e1f7a7ab23959877601b8a58ea | Triage

Sharing

General

Target

fa1c0c271fc89651bc40cc1b4cee1a565d1ab8e1f7a7ab23959877601b8a58ea
Size

813KB
Sample

221207-cd2vtaec39
MD5

67c24af4440eccc5274037c4ba9e2e16
SHA1

e8f9df2ad9b0d77ee7efc1ff76312400fc6912b2
SHA256

fa1c0c271fc89651bc40cc1b4cee1a565d1ab8e1f7a7ab23959877601b8a58ea
SHA512

e1734d30ec9c8245bbc2bedadff5342cde25ca1a7219342a9afa1b332f42a6829aceb1e228fb9aee3292be81b81c8d9183dbb37f6eb41da468c70c5040084e30
SSDEEP

24576:uI9qjp3/4ToOICureR048mq2ud/nfboec:ZqpP4MOjVuV52ulnzo

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  fa1c0c271fc89651bc40cc1b4cee1a565d1ab8e1f7a7ab23959877601b8a58ea
- Size
  
  813KB
- MD5
  
  67c24af4440eccc5274037c4ba9e2e16
- SHA1
  
  e8f9df2ad9b0d77ee7efc1ff76312400fc6912b2
- SHA256
  
  fa1c0c271fc89651bc40cc1b4cee1a565d1ab8e1f7a7ab23959877601b8a58ea
- SHA512
  
  e1734d30ec9c8245bbc2bedadff5342cde25ca1a7219342a9afa1b332f42a6829aceb1e228fb9aee3292be81b81c8d9183dbb37f6eb41da468c70c5040084e30
- SSDEEP
  
  24576:uI9qjp3/4ToOICureR048mq2ud/nfboec:ZqpP4MOjVuV52ulnzo
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2