f80fc170ee61cfc473a016a640acfde40b8ba8ed6935060d538674098f2959cb | Triage

Sharing

General

Target

3e31cbce05fa70e79583ea94ae6d73ca
Size

722KB
Sample

231225-1mj85ageg5
MD5

3e31cbce05fa70e79583ea94ae6d73ca
SHA1

b521b7ccffd70f46e49ea4d5bc3cf0e432d64d2d
SHA256

f80fc170ee61cfc473a016a640acfde40b8ba8ed6935060d538674098f2959cb
SHA512

d2bc5c5217e2c39f9a7fdab6be760239b37c545e845aae421d7f74ae7cc2e72dff1c9056e727701fb3c9fedd19e3b9dbaa35fb3884d3a9b14c6c7e73120bf950
SSDEEP

12288:YGkKmIHLYCaWpXzU4fE1d1xs0Yfv0zAWFuhlCXRbmqky4mbdJ2I3ZvY59OhOuB41:HmcNaWpY9AWoyXFmqk3mb7JvY59O0uB4

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  3e31cbce05fa70e79583ea94ae6d73ca
- Size
  
  722KB
- MD5
  
  3e31cbce05fa70e79583ea94ae6d73ca
- SHA1
  
  b521b7ccffd70f46e49ea4d5bc3cf0e432d64d2d
- SHA256
  
  f80fc170ee61cfc473a016a640acfde40b8ba8ed6935060d538674098f2959cb
- SHA512
  
  d2bc5c5217e2c39f9a7fdab6be760239b37c545e845aae421d7f74ae7cc2e72dff1c9056e727701fb3c9fedd19e3b9dbaa35fb3884d3a9b14c6c7e73120bf950
- SSDEEP
  
  12288:YGkKmIHLYCaWpXzU4fE1d1xs0Yfv0zAWFuhlCXRbmqky4mbdJ2I3ZvY59OhOuB41:HmcNaWpY9AWoyXFmqk3mb7JvY59O0uB4
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2