25df565b5ddb7c72c6582eb5d724b7c88f0477a75f5292004b5352fbe2556ad3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25df565b5ddb7c72c6582eb5d724b7c88f0477a75f5292004b5352fbe2556ad3N
Size

821KB
Sample

241012-pta39avfmr
MD5

2396285bd55374ad64af1063a0383300
SHA1

4ce309e9a513805ed765248f76a91a8feb80f9bc
SHA256

25df565b5ddb7c72c6582eb5d724b7c88f0477a75f5292004b5352fbe2556ad3
SHA512

0c5216dd80a9624c861316a103191858b50366946b53af6c7b41cde3faadebd88a4941cc677b68bb26e3faae32d3c348e6237772942deda638a0ddc20a0bb102
SSDEEP

12288:MvxagR8VR3d2RtE4KIaZz38JuI/UMKweiLDPK96pMS+7zMGoFvLqSnlBElZQPT3B:ML8Vldb8aVlI/UMpLmc+DUqyE0LZvDq

Score

9^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  25df565b5ddb7c72c6582eb5d724b7c88f0477a75f5292004b5352fbe2556ad3N
- Size
  
  821KB
- MD5
  
  2396285bd55374ad64af1063a0383300
- SHA1
  
  4ce309e9a513805ed765248f76a91a8feb80f9bc
- SHA256
  
  25df565b5ddb7c72c6582eb5d724b7c88f0477a75f5292004b5352fbe2556ad3
- SHA512
  
  0c5216dd80a9624c861316a103191858b50366946b53af6c7b41cde3faadebd88a4941cc677b68bb26e3faae32d3c348e6237772942deda638a0ddc20a0bb102
- SSDEEP
  
  12288:MvxagR8VR3d2RtE4KIaZz38JuI/UMKweiLDPK96pMS+7zMGoFvLqSnlBElZQPT3B:ML8Vldb8aVlI/UMpLmc+DUqyE0LZvDq
Score

9^/10

discovery evasion persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence