24f9403b0f7720eacdc5af69d4bd459ee443db74b43f431729e207158601f931 | Triage

Submit
Reports

Overview

overview

Static

static

3

24f9403b0f...31.exe

windows7-x64

24f9403b0f...31.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

24f9403b0f7720eacdc5af69d4bd459ee443db74b43f431729e207158601f931.exe
Size

1.7MB
Sample

240220-fzv6yabg31
MD5

2d0f793486a9272c1595395195eb3875
SHA1

43e2eca63d34f55e66a47ea0e4319f502d9edf84
SHA256

24f9403b0f7720eacdc5af69d4bd459ee443db74b43f431729e207158601f931
SHA512

20d66fa998c95b47d0ef1c1c41a80a4563db0e9186f8122c55d38f982b3e1d1ce45a7572fe1abe03ba0f39e00fecb5b392ee493ddccdc4b8e69ad92db9aaccc2
SSDEEP

24576:SZALz4R56j8drpL6nWLgr1d6I2DMidAvmUZP/PEC1qkNaw+JI/nef7rzMtFzgTGy:XLkR5M8U3ZQBDTUhvfNaw+s7Pq

Score

10^/10

evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

24f9403b0f7720eacdc5af69d4bd459ee443db74b43f431729e207158601f931.exe

Resource

win7-20231215-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

24f9403b0f7720eacdc5af69d4bd459ee443db74b43f431729e207158601f931.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  24f9403b0f7720eacdc5af69d4bd459ee443db74b43f431729e207158601f931.exe
- Size
  
  1.7MB
- MD5
  
  2d0f793486a9272c1595395195eb3875
- SHA1
  
  43e2eca63d34f55e66a47ea0e4319f502d9edf84
- SHA256
  
  24f9403b0f7720eacdc5af69d4bd459ee443db74b43f431729e207158601f931
- SHA512
  
  20d66fa998c95b47d0ef1c1c41a80a4563db0e9186f8122c55d38f982b3e1d1ce45a7572fe1abe03ba0f39e00fecb5b392ee493ddccdc4b8e69ad92db9aaccc2
- SSDEEP
  
  24576:SZALz4R56j8drpL6nWLgr1d6I2DMidAvmUZP/PEC1qkNaw+JI/nef7rzMtFzgTGy:XLkR5M8U3ZQBDTUhvfNaw+s7Pq
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy