53fce63faad888a934f069297527bd7a56973021eb197331628507859ba95bb2 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

53fce63faa...b2.exe

windows7-x64

9

53fce63faa...b2.exe

windows10-2004-x64

9

Sharing

General

Target

53fce63faad888a934f069297527bd7a56973021eb197331628507859ba95bb2
Size

6.5MB
Sample

240911-tc6wtazcka
MD5

50112d3dfe3e58bbd791420fedf33ccf
SHA1

25cb635e6058b9436e675666efe9f59ef7bbba15
SHA256

53fce63faad888a934f069297527bd7a56973021eb197331628507859ba95bb2
SHA512

8745d98468092bf2ccd25fe23a784c7fb9bda9356ad87058bb1880c20ff11c34da60ea59e6274ee5ada5967356f0d826746aecb18a5f85425a6f61239f66851f
SSDEEP

98304:oqSuRas1Iw1z1Aa5+jShllmITRU/KKvIdKki/HiYjhoda11hYFhCoaOQbkEKiR:Qub1Iw1v5+urIITq/Edcqrda1EFs7Fr

Score

9^/10

discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53fce63faad888a934f069297527bd7a56973021eb197331628507859ba95bb2.exe

Resource

win7-20240903-en

discovery evasion

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

53fce63faad888a934f069297527bd7a56973021eb197331628507859ba95bb2.exe

Resource

win10v2004-20240802-en

discovery evasion

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  53fce63faad888a934f069297527bd7a56973021eb197331628507859ba95bb2
- Size
  
  6.5MB
- MD5
  
  50112d3dfe3e58bbd791420fedf33ccf
- SHA1
  
  25cb635e6058b9436e675666efe9f59ef7bbba15
- SHA256
  
  53fce63faad888a934f069297527bd7a56973021eb197331628507859ba95bb2
- SHA512
  
  8745d98468092bf2ccd25fe23a784c7fb9bda9356ad87058bb1880c20ff11c34da60ea59e6274ee5ada5967356f0d826746aecb18a5f85425a6f61239f66851f
- SSDEEP
  
  98304:oqSuRas1Iw1z1Aa5+jShllmITRU/KKvIdKki/HiYjhoda11hYFhCoaOQbkEKiR:Qub1Iw1v5+urIITq/Edcqrda1EFs7Fr
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

© 2018-2024

Terms | Privacy