14734989af6c38cfa04f75a89191360e5939d0fa5ffadc5b2c40206a5a48d86c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18b9c58d2a3ce8d1f4f698136e814110N.exe
Size

700KB
Sample

240822-hxykdsxepr
MD5

18b9c58d2a3ce8d1f4f698136e814110
SHA1

c56055e65a10c0232b8a24cf535b61836c7674d4
SHA256

14734989af6c38cfa04f75a89191360e5939d0fa5ffadc5b2c40206a5a48d86c
SHA512

a4ecc7d65b6bdf2e9010070694954b8ec4c4f3f334c4f311177a49e8c4891e5ef04df65450a5079408cbee101cde3d03f4329fb345293aa9d398a46f774c67e1
SSDEEP

12288:LTKkloTQi36J+J0iCGD9MidJwyd4XMPz/o6J5tC8BFTZ/0CrHgxuZxitbSswWoRe:LmkociHD9Jp4Xf6J51b0CLUbSBbR

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  18b9c58d2a3ce8d1f4f698136e814110N.exe
- Size
  
  700KB
- MD5
  
  18b9c58d2a3ce8d1f4f698136e814110
- SHA1
  
  c56055e65a10c0232b8a24cf535b61836c7674d4
- SHA256
  
  14734989af6c38cfa04f75a89191360e5939d0fa5ffadc5b2c40206a5a48d86c
- SHA512
  
  a4ecc7d65b6bdf2e9010070694954b8ec4c4f3f334c4f311177a49e8c4891e5ef04df65450a5079408cbee101cde3d03f4329fb345293aa9d398a46f774c67e1
- SSDEEP
  
  12288:LTKkloTQi36J+J0iCGD9MidJwyd4XMPz/o6J5tC8BFTZ/0CrHgxuZxitbSswWoRe:LmkociHD9Jp4Xf6J51b0CLUbSBbR
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion