e39853d2fb8e92f35d0274c856b2a56b6a3eafada4a7da36770cc741875299bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

880cdf9eb4527da049425e2cbdd640fb
Size

9.9MB
Sample

230630-eegx5sga57
MD5

880cdf9eb4527da049425e2cbdd640fb
SHA1

05e4aa04104ea9918a7076049b55a3d8b0193640
SHA256

e39853d2fb8e92f35d0274c856b2a56b6a3eafada4a7da36770cc741875299bf
SHA512

11036f364fa5ee8ca6433709c302af6f0bd6413e9e8ca421ca41835a521ed7220e6005f5df429e2eef87e239978af0440940b3627e8332961fe4696140964640
SSDEEP

196608:6/1jMTyjcrd5gmuRwDXff/xd0eRMrrH16NEh4I+P7O9Tkh6x:6Tcrd5luOLfn70eRMrJ6m4l7wTi

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  880cdf9eb4527da049425e2cbdd640fb
- Size
  
  9.9MB
- MD5
  
  880cdf9eb4527da049425e2cbdd640fb
- SHA1
  
  05e4aa04104ea9918a7076049b55a3d8b0193640
- SHA256
  
  e39853d2fb8e92f35d0274c856b2a56b6a3eafada4a7da36770cc741875299bf
- SHA512
  
  11036f364fa5ee8ca6433709c302af6f0bd6413e9e8ca421ca41835a521ed7220e6005f5df429e2eef87e239978af0440940b3627e8332961fe4696140964640
- SSDEEP
  
  196608:6/1jMTyjcrd5gmuRwDXff/xd0eRMrrH16NEh4I+P7O9Tkh6x:6Tcrd5luOLfn70eRMrJ6m4l7wTi
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2