Overview

overview

9

Static

static

3

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    369KB

  • Sample

    231012-yqdjmsbc3t

  • MD5

    ab8ca5e42346f12449880f6cec4d4cda

  • SHA1

    b9a1d7e06f7db0fff80a8fbeafe32f408ab2cc20

  • SHA256

    2f0d1740cabc87f0b68605d72189860b48ea5cf9b8b1570346e996626aec288b

  • SHA512

    a33cbffe2a2518a482d0d70585f31e8a578762a5b2b064ca164dbec7a049b3acb711b39228e9d0970d0d27b188a665c5720a912648cd38f85b41d537e85e974b

  • SSDEEP

    6144:JahOdUVuNLepz+4d3fj7tv+9EoLULd36Ls/0sBnNf4jkc/GcFSIXRr:JigTe+Sr7QKP0KNfYk4FHh

Score
9/10
evasionpersistence

Malware Config

Targets

    • Target

      file.exe

    • Size

      369KB

    • MD5

      ab8ca5e42346f12449880f6cec4d4cda

    • SHA1

      b9a1d7e06f7db0fff80a8fbeafe32f408ab2cc20

    • SHA256

      2f0d1740cabc87f0b68605d72189860b48ea5cf9b8b1570346e996626aec288b

    • SHA512

      a33cbffe2a2518a482d0d70585f31e8a578762a5b2b064ca164dbec7a049b3acb711b39228e9d0970d0d27b188a665c5720a912648cd38f85b41d537e85e974b

    • SSDEEP

      6144:JahOdUVuNLepz+4d3fj7tv+9EoLULd36Ls/0sBnNf4jkc/GcFSIXRr:JigTe+Sr7QKP0KNfYk4FHh

    Score
    9/10
    persistenceevasion

    • Enumerates VirtualBox DLL files

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox drivers on disk

      evasion

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks