be46a582cb3fc66172d6c18e79c2761d686d9948f2531d4df7a20684ec5e2a9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

005123f9506f54c7c8b4571ffdf41be0
Size

1.8MB
Sample

231229-wzx9ashcel
MD5

005123f9506f54c7c8b4571ffdf41be0
SHA1

535abc3d6f53bd66d456d788dc5d44eb145a2087
SHA256

be46a582cb3fc66172d6c18e79c2761d686d9948f2531d4df7a20684ec5e2a9c
SHA512

72e30bd76e89b7e28d412c0aa6a71d64bc2e669ef656d469df783a5690ef6e2a50fa2f6d646238405e235a08d3bb2cb7e60b3b469f048375d7d6dbf03cf63563
SSDEEP

49152:kFNWjnPLYjpoA9HrZdE1jR9T1+fey25Dz67XwsYv:fjcXHrZO9x+fcsXG

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  005123f9506f54c7c8b4571ffdf41be0
- Size
  
  1.8MB
- MD5
  
  005123f9506f54c7c8b4571ffdf41be0
- SHA1
  
  535abc3d6f53bd66d456d788dc5d44eb145a2087
- SHA256
  
  be46a582cb3fc66172d6c18e79c2761d686d9948f2531d4df7a20684ec5e2a9c
- SHA512
  
  72e30bd76e89b7e28d412c0aa6a71d64bc2e669ef656d469df783a5690ef6e2a50fa2f6d646238405e235a08d3bb2cb7e60b3b469f048375d7d6dbf03cf63563
- SSDEEP
  
  49152:kFNWjnPLYjpoA9HrZdE1jR9T1+fey25Dz67XwsYv:fjcXHrZO9x+fcsXG
Score

10^/10

evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2