d0f22c1526669cda2ccf4362c23fd7c4c884a7ae61aa8b8af149d985aec0cdb8 | Triage

Sharing

General

Target

701813a2c24d366c20ceedd6524f7929
Size

3.9MB
Sample

240123-vls7radff8
MD5

701813a2c24d366c20ceedd6524f7929
SHA1

21148e3707bcfcaf7db3be0b119d020b2d011a85
SHA256

d0f22c1526669cda2ccf4362c23fd7c4c884a7ae61aa8b8af149d985aec0cdb8
SHA512

d33d1a30395c00c16db48c5e7eabc4f57809d4b1614a6ce13f4e9c3789472118b96f241b36d6d5d0c65f36e05026e8122f22ff75dc8c56a425f68d016ce7a236
SSDEEP

98304:N9C5b7Y1e6n9Jt8QMLKETgAMzze1oOn22J4FBZirSGPIsWfQ:N054e69MDK9AWzrOn/iFElE4

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  701813a2c24d366c20ceedd6524f7929
- Size
  
  3.9MB
- MD5
  
  701813a2c24d366c20ceedd6524f7929
- SHA1
  
  21148e3707bcfcaf7db3be0b119d020b2d011a85
- SHA256
  
  d0f22c1526669cda2ccf4362c23fd7c4c884a7ae61aa8b8af149d985aec0cdb8
- SHA512
  
  d33d1a30395c00c16db48c5e7eabc4f57809d4b1614a6ce13f4e9c3789472118b96f241b36d6d5d0c65f36e05026e8122f22ff75dc8c56a425f68d016ce7a236
- SSDEEP
  
  98304:N9C5b7Y1e6n9Jt8QMLKETgAMzze1oOn22J4FBZirSGPIsWfQ:N054e69MDK9AWzrOn/iFElE4
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2