aaaa0350f8c8284a52a8af65b77b6d7c8ee93872245f1accd8b86d7c45273a7a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dsd_2.457.rar
Size

3.8MB
Sample

240603-p4ppdsge42
MD5

05884a7044067f0fa5a58913873ed6bb
SHA1

41a57367fcb8fb60f2c7d2124bb39a6f8dddd7eb
SHA256

aaaa0350f8c8284a52a8af65b77b6d7c8ee93872245f1accd8b86d7c45273a7a
SHA512

9e5a967b2b91f32a554b68a141cbf06a4e9fd080fe279636ac9e404c2d7035b4767714af75fe15ffb12bde4966dc6dd00d2f00bc5beaa76cedb1a80b839ef377
SSDEEP

98304:jRf7mtUuu/gttmrH6WqIoLqZS70Pmm9OYRYzR8Me6rQ:jh7aUX4+HOLqe0PmKdRYzRa6c

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  DSD 2.457/DSDPlus.exe
- Size
  
  1.9MB
- MD5
  
  d1da4d30ed524c08377195a18c5032e7
- SHA1
  
  1975e04d9741a0e864f8de82d92026a096daa9c9
- SHA256
  
  b30d3254044fe1460bc5d22bcf011462459f6fc369f29b5fa14f40d59bbb1211
- SHA512
  
  879585d3ad564dc361a0ba2a24967db5ff7794407c278814b3ca3a0541fb94a20281d629805e02f6655d05d3a332ab297652ac8ff3ad8816f591f26384a5198e
- SSDEEP
  
  49152:Y4axQgV5Xz1Eh5+id5u4jiilRgHCVk9FdRMM1PNLkbQ/yHRu:zaxT5jOh5QmiIgioFdS60QE
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1