169063c8e7c36107b33fc6dc6c9816173336e4b5faafc62519a5b646c3984e51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66c5e0c64ddf6ad48c7269660e882ea5.bin
Size

1.4MB
Sample

231116-cfmtnsgc8y
MD5

b3fca7d337539bb1d1e8f434c730acee
SHA1

50fdbd56e76b80a5b95726c32dd234ab2796a0a8
SHA256

169063c8e7c36107b33fc6dc6c9816173336e4b5faafc62519a5b646c3984e51
SHA512

b9431934705b588c0729c7901275640c181166ee004246e5c791130839d325e496305124d85ed14a6869ed98072a5833cae95a70553f9af9f855010bb5613fbd
SSDEEP

24576:68m/OO522dIggE8ldHCympyv4Qc+zYAJkXbDXGrTcm2zcg7lLV9qrVhbIGXDYFaz:hm/OgLdlWHCDpyv4/+MAJkLDWkm2zcg2

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  1ded59a79c592a70a138f44b71118e2a7f86663902557cf6b8a109989ea53c7d.exe
- Size
  
  1.5MB
- MD5
  
  66c5e0c64ddf6ad48c7269660e882ea5
- SHA1
  
  2e80f3bc2aa7ea33ac4c2c64ef6f9c8351c295af
- SHA256
  
  1ded59a79c592a70a138f44b71118e2a7f86663902557cf6b8a109989ea53c7d
- SHA512
  
  196fbd877b695c6a0cbbe6d6d8054864dc8b55d52f2598b4ab368f39920b9234cd6e8f0a4aa1e58ef2b597c42e80218fa7f8f185ebb388a3355348eb7668e71d
- SSDEEP
  
  24576:pJH9HJUilcVG7HGKKGPlsVGqcMxEnw899/Dnz/aiQ+62D3Rq6L80onSLV:D9H+W4EHJKaI1fEB9/XjSW46L1wSL
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2