e6dbd39e3703259f34f622bc637b1874aa15384efad928a8b2c8f9394373f11a | Triage

Sharing

General

Target

1d22d95295471825008ad9a43b185144
Size

1.7MB
Sample

231230-1empaafbd4
MD5

1d22d95295471825008ad9a43b185144
SHA1

39b839c5d92439d3a985ea6820fa7c88a33d4f66
SHA256

e6dbd39e3703259f34f622bc637b1874aa15384efad928a8b2c8f9394373f11a
SHA512

788b6c838f4b778ffb2d3a0c868320ea4ba74c420bc456ef9ed6748e5203f974a2b12823b67137d7005fdc50b12b03df1d87b9985f272ac4ea0cfbac056fb8f7
SSDEEP

49152:WyhjgLqUzBWnc9bf1NqV1c19zD38YXEmQTDr:JJizBWnAbf146D38YUPr

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  1d22d95295471825008ad9a43b185144
- Size
  
  1.7MB
- MD5
  
  1d22d95295471825008ad9a43b185144
- SHA1
  
  39b839c5d92439d3a985ea6820fa7c88a33d4f66
- SHA256
  
  e6dbd39e3703259f34f622bc637b1874aa15384efad928a8b2c8f9394373f11a
- SHA512
  
  788b6c838f4b778ffb2d3a0c868320ea4ba74c420bc456ef9ed6748e5203f974a2b12823b67137d7005fdc50b12b03df1d87b9985f272ac4ea0cfbac056fb8f7
- SSDEEP
  
  49152:WyhjgLqUzBWnc9bf1NqV1c19zD38YXEmQTDr:JJizBWnAbf146D38YUPr
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2