Overview

overview

9

Static

static

3

Kainite Woofer.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Kainite Woofer.exe

  • Size

    5.4MB

  • Sample

    240522-dabpwshh63

  • MD5

    de3e9f32e96b992556b91739bfd29264

  • SHA1

    1a8d80b5a38b7f7ae5da912157075524f6b18c76

  • SHA256

    9e89e5a3f5899546aec98a34be14c438215b0db322fb6c380ea930e06a37a25d

  • SHA512

    7aef90356de9e7520de564c497980f028c50b8723b33c8249b584ce6ce388c66b76a971464b7cb21bfce5fe893d5e2f7746a2764a6193830fab4cbc9a54e5238

  • SSDEEP

    49152:xhA30NlJGqXWksxxpl68fI7tRe8iRt3M/EHgi/jevoJl5QgC:VGZAXeevoJl5QT

Score
9/10
evasion

Malware Config

Targets

    • Target

      Kainite Woofer.exe

    • Size

      5.4MB

    • MD5

      de3e9f32e96b992556b91739bfd29264

    • SHA1

      1a8d80b5a38b7f7ae5da912157075524f6b18c76

    • SHA256

      9e89e5a3f5899546aec98a34be14c438215b0db322fb6c380ea930e06a37a25d

    • SHA512

      7aef90356de9e7520de564c497980f028c50b8723b33c8249b584ce6ce388c66b76a971464b7cb21bfce5fe893d5e2f7746a2764a6193830fab4cbc9a54e5238

    • SSDEEP

      49152:xhA30NlJGqXWksxxpl68fI7tRe8iRt3M/EHgi/jevoJl5QgC:VGZAXeevoJl5QT

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks