5bda195e3373983cef69c935b1be74f465e82d2a7cd8fcf99aa85d44be273b16 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bda195e3373983cef69c935b1be74f465e82d2a7cd8fcf99aa85d44be273b16
Size

3.5MB
Sample

231012-gqvdqadc86
MD5

13030623d5dc2fd38e56c9a6b7fc09e4
SHA1

890b4fa5482a8a353085450807cf45f106813b01
SHA256

5bda195e3373983cef69c935b1be74f465e82d2a7cd8fcf99aa85d44be273b16
SHA512

f1ecf8804695a33491f2365727453ca399b41965251eceb5691a481ce59b9131c7cbd6882a39cdeee39c81b7ca2218f3eea4a67610a1a050c75579ccc5cb8af2
SSDEEP

98304:YtkOmgAkqbS26Pct9kj7j+yuJgD/ChyM3/l/fP6ZXvS1:MPqG26Pct6vj+WCs8VK

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  5bda195e3373983cef69c935b1be74f465e82d2a7cd8fcf99aa85d44be273b16
- Size
  
  3.5MB
- MD5
  
  13030623d5dc2fd38e56c9a6b7fc09e4
- SHA1
  
  890b4fa5482a8a353085450807cf45f106813b01
- SHA256
  
  5bda195e3373983cef69c935b1be74f465e82d2a7cd8fcf99aa85d44be273b16
- SHA512
  
  f1ecf8804695a33491f2365727453ca399b41965251eceb5691a481ce59b9131c7cbd6882a39cdeee39c81b7ca2218f3eea4a67610a1a050c75579ccc5cb8af2
- SSDEEP
  
  98304:YtkOmgAkqbS26Pct9kj7j+yuJgD/ChyM3/l/fP6ZXvS1:MPqG26Pct6vj+WCs8VK
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2