2d128f248995eb5003fe0232acff77798b9674e8d91252ed61d11076fa1c3d41 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

90b76c3d4f6098fbbccb920a0ef85242.bin
Size

1.6MB
Sample

231121-czfvgabf38
MD5

8e809730316df03f2cdfa7597ca0d519
SHA1

e66b80ef716238ab0b8ffddd65e77f35966eb663
SHA256

2d128f248995eb5003fe0232acff77798b9674e8d91252ed61d11076fa1c3d41
SHA512

11286e04f025266fc33014306a0feb5f28bf81dc13f188d876437c35a7112bdfc30c7c9a37fdaaf0524d459c43c7a4079512852a7c20e2968539190b0dd26f90
SSDEEP

49152:D0NdsOyCRDiKDtmevN9eCMZGtAUKGrCAU9:INCOFRDFDtBN9eCoGtAFGeV9

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  bc59d9f26a9c6726252b4ade0f270888551fef590839617030c84a528f9fef31.exe
- Size
  
  1.7MB
- MD5
  
  90b76c3d4f6098fbbccb920a0ef85242
- SHA1
  
  1d49d3564af6afe49c9985b75684974bda9399bf
- SHA256
  
  bc59d9f26a9c6726252b4ade0f270888551fef590839617030c84a528f9fef31
- SHA512
  
  01915abc9932435e11a9c89685926ab76435a61a6aded472f4e520b7b12d7de6a3cb414965d510e3f04f53c7b76f2c7af73f36a0a7e4e450a0262bf4de14a160
- SSDEEP
  
  49152:pkAVB11ogqfV//TTno1MzirCGUwSCv5i:pFVCfVnuSi2KSCv5
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2