Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241014-fypmrszcng

  • MD5

    7e9a3a9f9ae9752824295e644d063225

  • SHA1

    7cbfb7367c69f600977f597c0d4ecfe40806bd19

  • SHA256

    332510b07ca29342077d550d2580022b53d88a449696e7d0be28c428feb796ac

  • SHA512

    cc1d274c0673452c8c4d352692343c7991069894eaff827dc51fd1395bc583533975a0899095df7a3d55d2551972118c055e65767fd282bca0fd9ad8d7d21567

  • SSDEEP

    24576:dw5pHu/eiSnQt2dPhmyFpfmkk5vpDqfXPGyWw8u0TXfwzhJlGUMAEOjv/hqnXpMI:dSQ/eiSKSPpFk5voWBA0n1sHaWE8EN

Score
10/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      7e9a3a9f9ae9752824295e644d063225

    • SHA1

      7cbfb7367c69f600977f597c0d4ecfe40806bd19

    • SHA256

      332510b07ca29342077d550d2580022b53d88a449696e7d0be28c428feb796ac

    • SHA512

      cc1d274c0673452c8c4d352692343c7991069894eaff827dc51fd1395bc583533975a0899095df7a3d55d2551972118c055e65767fd282bca0fd9ad8d7d21567

    • SSDEEP

      24576:dw5pHu/eiSnQt2dPhmyFpfmkk5vpDqfXPGyWw8u0TXfwzhJlGUMAEOjv/hqnXpMI:dSQ/eiSKSPpFk5voWBA0n1sHaWE8EN

    Score
    10/10
    discoveryevasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks