28f10ca2ee19f3e8387a6a447a56ebff7b37d4d928140784ccce488a4b279796 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28f10ca2ee19f3e8387a6a447a56ebff7b37d4d928140784ccce488a4b279796.exe
Size

1.7MB
Sample

241014-bj662svbld
MD5

393193f04ebaad8cbca4b027719187cd
SHA1

0385ee37a44cad5f4fcbbc1e36b4cb5a5230b58b
SHA256

28f10ca2ee19f3e8387a6a447a56ebff7b37d4d928140784ccce488a4b279796
SHA512

ef6b0471dcd673314bd22de1c525818bc74927119376c76c39c5d6f1895023d98c0fdc365a4a0e101ed301568986f1a5bfcb55c656f4c5f5d27f0feb31f7a31c
SSDEEP

24576:8CTwhNw4ZWHnrhl1lSXO8uaaxXDoqu3TDLquIQC6QdXw/qH2z:XTT4ZWHnrz1UXOTxkh3fL7e

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  28f10ca2ee19f3e8387a6a447a56ebff7b37d4d928140784ccce488a4b279796.exe
- Size
  
  1.7MB
- MD5
  
  393193f04ebaad8cbca4b027719187cd
- SHA1
  
  0385ee37a44cad5f4fcbbc1e36b4cb5a5230b58b
- SHA256
  
  28f10ca2ee19f3e8387a6a447a56ebff7b37d4d928140784ccce488a4b279796
- SHA512
  
  ef6b0471dcd673314bd22de1c525818bc74927119376c76c39c5d6f1895023d98c0fdc365a4a0e101ed301568986f1a5bfcb55c656f4c5f5d27f0feb31f7a31c
- SSDEEP
  
  24576:8CTwhNw4ZWHnrhl1lSXO8uaaxXDoqu3TDLquIQC6QdXw/qH2z:XTT4ZWHnrz1UXOTxkh3fL7e
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan