1b2170649ab01dd5ac8ce177f4a9aeaf7833b13a2447fe3f7abd46523286e2be | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b2170649ab01dd5ac8ce177f4a9aeaf7833b13a2447fe3f7abd46523286e2be
Size

4.2MB
Sample

230415-fdnvqsee7v
MD5

ed2905feaac97e34e7db9e34dbf1dada
SHA1

08436d89786869c3a6959d7ea3163b39cd585110
SHA256

1b2170649ab01dd5ac8ce177f4a9aeaf7833b13a2447fe3f7abd46523286e2be
SHA512

6d84260df94b8252748790ca9812773dcbc654a41445290cb3fc8c94dc3b4828967c0ae9fedd362940cb5923cda1fc13873aea9696a35040bed3f4bfb3e64884
SSDEEP

98304:g7bvQUsY/wjl3yhKTPHsReROAxCEV6FRcMlBiaNCW0FJ9+:2bvQZNjEhKTUReROOCEVecA8aNCPFJQ

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  1b2170649ab01dd5ac8ce177f4a9aeaf7833b13a2447fe3f7abd46523286e2be
- Size
  
  4.2MB
- MD5
  
  ed2905feaac97e34e7db9e34dbf1dada
- SHA1
  
  08436d89786869c3a6959d7ea3163b39cd585110
- SHA256
  
  1b2170649ab01dd5ac8ce177f4a9aeaf7833b13a2447fe3f7abd46523286e2be
- SHA512
  
  6d84260df94b8252748790ca9812773dcbc654a41445290cb3fc8c94dc3b4828967c0ae9fedd362940cb5923cda1fc13873aea9696a35040bed3f4bfb3e64884
- SSDEEP
  
  98304:g7bvQUsY/wjl3yhKTPHsReROAxCEV6FRcMlBiaNCW0FJ9+:2bvQZNjEhKTUReROOCEVecA8aNCPFJQ
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2