f605714e9886467b045c620634a27893cbb65b8567937f0fd142f9d06ddda8e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d75ed0e0f83fecc333e8c9aa93d56d39
Size

1.7MB
Sample

240319-3pgbcsbe2y
MD5

d75ed0e0f83fecc333e8c9aa93d56d39
SHA1

624ee65f52ebf9c1ec290e72f49e70b66a2b764c
SHA256

f605714e9886467b045c620634a27893cbb65b8567937f0fd142f9d06ddda8e6
SHA512

978bf72e9416e6b48841935c8a1f5280e6cb08a6fb1a3b291eb64d12f8df073418da51fe5c8c88766c679012efe698b5d0044bb298bfe9adf4ae80575e69cca9
SSDEEP

49152:Jw2L1z+iy+OyGf2AYuD5audbXYlJVFS5JEeNcgRtKH:i2LYiy+Oyg2AY6/dDYlDFpGU

Score

7^/10

evasion

Malware Config

Targets

- Target
  
  FuriousTeam-BBserver-mep-reader-v1/FBL.exe
- Size
  
  1.8MB
- MD5
  
  6db11590dd7d910f63a7bb625bfb750f
- SHA1
  
  c000af87c1a43b57eee11d95f6171c493f0e7edb
- SHA256
  
  03859047219087b764f3fdbb83cb2ff5935093d0aed27cb8bc3e4175e8155b08
- SHA512
  
  3ff656cee091210a09f4af9a466617f1e95424916973bb42021db5ce6ac42950f7730353cab6330b2dec11815bf8fdb9b787cdb527f0e2e4ae137c4b7840f8d2
- SSDEEP
  
  24576:kp82IAYpd4UNqQlbAuwR0ur1uBOLIBBHv/Uc9a69mEf3zzThPkLeXsVXgBo7Du5X:kp82pBUNhlbbrhXUcT9mgMrwBxX
Score

7^/10

evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2