General
Target: 84b85f7abec8f7a5ecd71de636ff85e990f87a92ffd2dace88a398b089a4a62f
Size: 996KB
Sample: 240611-2gc4asvaqr
MD5: d08466a6154e0a206733c6f1213a5fa8
SHA1: 568a83847b934d2634aa71ff11e264b6dc972d46
SHA256: 84b85f7abec8f7a5ecd71de636ff85e990f87a92ffd2dace88a398b089a4a62f
SHA512: b3a829671701831c3c80f64c9a80e7e8c09f666a4e9b591ceee752d634488b931b708738cc3e736df3db0630566e0497b2ea4a6d194dafc82604632663909ada
SSDEEP: 24576:WtWwH2JGijUfWEHKrlkv4nJFn1k6Eahj0ez4:m1KuHCkvc+ahjjM
Static task: static1
Behavioral task: behavioral1
Sample: exoplor.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: exoplor.exz
Size: 1022KB
MD5: 0ff5ecbe655b0b5781700195d2e8475e
SHA1: 88287fb8ae38e8b4b3c7dad7ef72200f1ff6c20d
SHA256: d85538af1e2ee590775bcf2d6cdd5b757eb4eded381f9a3d3c94c81a52534035
SHA512: b3d6e7f0396151265968a3a17b2523e7a8564df5e5332f577791335e3337b4a076971b76485a9bdaca4d181860058e791935e8d459dbfe6f65320dc76bef84a5
SSDEEP: 24576:SFuFIa6JCDe6/xeB9RC3EXhJcXiWeAu3mBgVLn7PYzEd:Bt6JKd5YHTXTcXu33mBWLn7PYe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
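The four signatures above are all simple pattern matches over the registry and native-API activity the sandbox recorded. The following added example (not part of this report, and not the sandbox's own signature code) shows how such rules fire over a trace: it encodes the VirtualBox ACPI check (the `VBOX__` OEM ID under `HKLM\HARDWARE\ACPI`), the Wine check (`Software\Wine` keys that a real Windows install does not have), the Run-key write, and the `NtSetInformationThread` call with `ThreadInformationClass` 0x11 (`ThreadHideFromDebugger`). The trace, the API names, the value name `Updater`, the dropped-file path and the ATT&CK IDs in the rule table are all assumptions for illustration; nothing here is the sample's actual activity, and T1622 (Debugger Evasion) is a standard mapping that this report's matrix does not itself list.

```python
import re
from collections import defaultdict
from typing import Callable

# A trace record is (api, target, data). The trace below is constructed for
# illustration; it is NOT the sample's recorded activity.
Event = tuple[str, str, str]

CONSTRUCTED_TRACE: list[Event] = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", ""),
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\FADT\VBOX__", ""),
    ("RegOpenKeyExW", r"HKCU\Software\Wine", ""),
    ("RegSetValueExW",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",  # assumed value name
     r"C:\Users\user\AppData\Roaming\updater.exe"),                  # assumed payload path
    ("NtSetInformationThread", "ThreadInformationClass=0x11", ""),
    ("RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", ""),  # benign noise
]

REG_READ = {"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW",
            "NtOpenKey", "NtQueryValueKey"}
REG_WRITE = {"RegSetValueExA", "RegSetValueExW", "NtSetValueKey"}

# VirtualBox exposes its ACPI tables with the OEM ID "VBOX__" under HKLM\HARDWARE\ACPI.
VBOX_ACPI = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
# Wine populates HKCU\Software\Wine and HKLM\Software\Wine; native Windows has neither.
WINE_KEY = re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.IGNORECASE)
# A value written directly under a Run/RunOnce key is an autostart entry.
RUN_VALUE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value accepted by NtSetInformationThread


def is_vbox_acpi(api: str, target: str, data: str) -> bool:
    return api in REG_READ and VBOX_ACPI.search(target) is not None


def is_wine_key(api: str, target: str, data: str) -> bool:
    return api in REG_READ and WINE_KEY.match(target) is not None


def adds_run_key(api: str, target: str, data: str) -> bool:
    return api in REG_WRITE and RUN_VALUE.search(target) is not None and data != ""


def hides_from_debugger(api: str, target: str, data: str) -> bool:
    if api != "NtSetInformationThread":
        return False
    m = re.search(r"ThreadInformationClass=(0x[0-9a-f]+|[0-9]+)", target, re.IGNORECASE)
    return m is not None and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER


# (signature name as it appears in the report, ATT&CK ID, predicate)
SIGNATURES: list[tuple[str, str, Callable[[str, str, str], bool]]] = [
    ("Identifies VirtualBox via ACPI registry values", "T1497", is_vbox_acpi),
    ("Identifies Wine through registry keys", "T1497", is_wine_key),
    ("Adds Run key to start application", "T1547.001", adds_run_key),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622", hides_from_debugger),
]


def evaluate(trace: list[Event]) -> dict[str, list[Event]]:
    """Return each fired signature (name [ATT&CK ID]) with the events that triggered it."""
    hits: dict[str, list[Event]] = defaultdict(list)
    for ev in trace:
        for name, ttp, pred in SIGNATURES:
            if pred(*ev):
                hits[f"{name} [{ttp}]"].append(ev)
    return dict(hits)


def fired(trace: list[Event]) -> set[str]:
    """Just the set of signature labels that fired on the trace."""
    return set(evaluate(trace))


if __name__ == "__main__":
    for label, events in evaluate(CONSTRUCTED_TRACE).items():
        print(label)
        for ev in events:
            print("    ", ev)
```

The benign `Windows NT\CurrentVersion` open in the constructed trace fires nothing, which is the point of anchoring the rules on the `VBOX__` OEM ID, the `Software\Wine` root and a write (not a read) under a Run key rather than on "touches the registry". When hardening a sandbox against this sample, the first two rules also tell you which artifacts to remove or rename in the guest.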
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Defense Evasion
- Virtualization/Sandbox Evasion (2)
- Modify Registry (2)
- Subvert Trust Controls (1): Install Root Certificate (1)