Overview

overview

9

Static

static

3

Kainite Woofer.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Kainite Woofer.exe

  • Size

    5.5MB

  • Sample

    240521-a8deladb9w

  • MD5

    1cdffc190b2931dae0912fa21b3b6233

  • SHA1

    21768070cb8b30c79c9b358244e6d21309eb5eb9

  • SHA256

    b69aa8826adb9744d7f2c48c5c04d8a6173f9f6fd6749838be876410c1fe2df5

  • SHA512

    7f00b7f3c308c45beed5abbc81588caf334d223b2f8b4e0265d23e144e15763b10ca8bb37a40ccddd5f30af70f16ae2f0e7dc8288b4a4e451300480555d3eca7

  • SSDEEP

    49152:StEpoQxfnKWuKJD/eGVREDFomQ39upfys+I3Ge2XED0h1U:zfSKJyyI9eU

Score
9/10
evasion

Malware Config

Targets

    • Target

      Kainite Woofer.exe

    • Size

      5.5MB

    • MD5

      1cdffc190b2931dae0912fa21b3b6233

    • SHA1

      21768070cb8b30c79c9b358244e6d21309eb5eb9

    • SHA256

      b69aa8826adb9744d7f2c48c5c04d8a6173f9f6fd6749838be876410c1fe2df5

    • SHA512

      7f00b7f3c308c45beed5abbc81588caf334d223b2f8b4e0265d23e144e15763b10ca8bb37a40ccddd5f30af70f16ae2f0e7dc8288b4a4e451300480555d3eca7

    • SSDEEP

      49152:StEpoQxfnKWuKJD/eGVREDFomQ39upfys+I3Ge2XED0h1U:zfSKJyyI9eU

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks