98169b2b4ea83e6dc0859a91bbc0b757cb25149abad32d7fbd7a3fc89d3240c4 | Triage

Sharing

General

Target

98169b2b4ea83e6dc0859a91bbc0b757cb25149abad32d7fbd7a3fc89d3240c4
Size

2.2MB
Sample

240816-y8mv2ayekk
MD5

b508d38a33d4aaf422e579383e1ecbba
SHA1

f756141c8245a30395c42a8ba9772e89907491f9
SHA256

98169b2b4ea83e6dc0859a91bbc0b757cb25149abad32d7fbd7a3fc89d3240c4
SHA512

6fecb681c4e5c7361aabe9111c4cff625e7791ac8e47c65f0d91b16ace51983b9881643e743d7629b6c6777586e19309670bdc89f8df14d54dd0d76f8ac2787d
SSDEEP

49152:QZtxFrv78H4B8TdljCrDVWj5Y6+GSRPOFG3KPB+M1W2OsijnEk:eLrT+4GYDV45YQWGFGaJ+wiAk

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  98169b2b4ea83e6dc0859a91bbc0b757cb25149abad32d7fbd7a3fc89d3240c4
- Size
  
  2.2MB
- MD5
  
  b508d38a33d4aaf422e579383e1ecbba
- SHA1
  
  f756141c8245a30395c42a8ba9772e89907491f9
- SHA256
  
  98169b2b4ea83e6dc0859a91bbc0b757cb25149abad32d7fbd7a3fc89d3240c4
- SHA512
  
  6fecb681c4e5c7361aabe9111c4cff625e7791ac8e47c65f0d91b16ace51983b9881643e743d7629b6c6777586e19309670bdc89f8df14d54dd0d76f8ac2787d
- SSDEEP
  
  49152:QZtxFrv78H4B8TdljCrDVWj5Y6+GSRPOFG3KPB+M1W2OsijnEk:eLrT+4GYDV45YQWGFGaJ+wiAk
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion