19d6e230b22f3f449cdce8f62edb1e56283d7906d537861d245b8d14b0ebfa4e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81db5f0edbf9bc2a1a4f6fcb0273dd2b.bin
Size

6.3MB
Sample

240803-ddewqavhrh
MD5

81db5f0edbf9bc2a1a4f6fcb0273dd2b
SHA1

e9a4ca3592427df37d02a2c8bb05dd0d6896c113
SHA256

19d6e230b22f3f449cdce8f62edb1e56283d7906d537861d245b8d14b0ebfa4e
SHA512

76be76654898d86d6a727c5645c46603024ee798542b87bbfd120d9ece5699fb114655dc4e9328ccdc16b5066825f7446cc5e124cabae8c7d7cd79581524e4ae
SSDEEP

196608:I47duNQTG4aupha0/zj/JfythQ68k5kROUae:I47dDjha0/z0tiaehae

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  81db5f0edbf9bc2a1a4f6fcb0273dd2b.bin
- Size
  
  6.3MB
- MD5
  
  81db5f0edbf9bc2a1a4f6fcb0273dd2b
- SHA1
  
  e9a4ca3592427df37d02a2c8bb05dd0d6896c113
- SHA256
  
  19d6e230b22f3f449cdce8f62edb1e56283d7906d537861d245b8d14b0ebfa4e
- SHA512
  
  76be76654898d86d6a727c5645c46603024ee798542b87bbfd120d9ece5699fb114655dc4e9328ccdc16b5066825f7446cc5e124cabae8c7d7cd79581524e4ae
- SSDEEP
  
  196608:I47duNQTG4aupha0/zj/JfythQ68k5kROUae:I47dDjha0/z0tiaehae
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion