1980f7699d3645013d47e81cb347095e08a361287814dbce7c4c73890857a2cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1980f7699d3645013d47e81cb347095e08a361287814dbce7c4c73890857a2cb
Size

3.2MB
Sample

231008-qll18acc6x
MD5

cf9a3c4677816c07c23cfcdf5c21acf6
SHA1

afab140334c78680e4f7607c28afa0b8c673deb9
SHA256

1980f7699d3645013d47e81cb347095e08a361287814dbce7c4c73890857a2cb
SHA512

bab6abca8e42343fc28f37094586a1bcd2543a9f4ba224f77e6d56a2aae0a7b3897f4575a824e3556b85905360371d34a5483c1d033e98cff2e93ae2dbace7fe
SSDEEP

98304:QmDIMswbpJTLJrY0kAceXcLubejAAQtDytfNEjH:QNopkDeXDe0dKNEz

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  1980f7699d3645013d47e81cb347095e08a361287814dbce7c4c73890857a2cb
- Size
  
  3.2MB
- MD5
  
  cf9a3c4677816c07c23cfcdf5c21acf6
- SHA1
  
  afab140334c78680e4f7607c28afa0b8c673deb9
- SHA256
  
  1980f7699d3645013d47e81cb347095e08a361287814dbce7c4c73890857a2cb
- SHA512
  
  bab6abca8e42343fc28f37094586a1bcd2543a9f4ba224f77e6d56a2aae0a7b3897f4575a824e3556b85905360371d34a5483c1d033e98cff2e93ae2dbace7fe
- SSDEEP
  
  98304:QmDIMswbpJTLJrY0kAceXcLubejAAQtDytfNEjH:QNopkDeXDe0dKNEz
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2