Overview

overview

9

Static

static

3

6542fe83ee...e2.exe

windows7-x64

9

6542fe83ee...e2.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    6542fe83ee30583be3b685a10c1febe2

  • Size

    4.7MB

  • Sample

    240118-nlr65aacfm

  • MD5

    6542fe83ee30583be3b685a10c1febe2

  • SHA1

    c8813c2a3a1e84e0cbbea98bd724d9a332e63200

  • SHA256

    2ab7cf367f4c8953c507d4ca5b17873921c5671a8103087430919e947295bc7b

  • SHA512

    9df0846596f45705a1e8bee33e1dca2b1287f7d77a96dc895808b607ce9c388c1e40262325d26468a030405f04e9c73a639497948373278cf335cd5a22b7dbfe

  • SSDEEP

    98304:ObahIEd2q543OIf/CEN2hTBrHJWGs2NyqeoNE/7SRYYQ:OGx2qG3N//ETVHJack+O

Score
9/10
discoveryevasion

Malware Config

Targets

    • Target

      6542fe83ee30583be3b685a10c1febe2

    • Size

      4.7MB

    • MD5

      6542fe83ee30583be3b685a10c1febe2

    • SHA1

      c8813c2a3a1e84e0cbbea98bd724d9a332e63200

    • SHA256

      2ab7cf367f4c8953c507d4ca5b17873921c5671a8103087430919e947295bc7b

    • SHA512

      9df0846596f45705a1e8bee33e1dca2b1287f7d77a96dc895808b607ce9c388c1e40262325d26468a030405f04e9c73a639497948373278cf335cd5a22b7dbfe

    • SSDEEP

      98304:ObahIEd2q543OIf/CEN2hTBrHJWGs2NyqeoNE/7SRYYQ:OGx2qG3N//ETVHJack+O

    Score
    9/10
    evasiondiscovery

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Modifies file permissions

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks