Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241015-cqp2saygnc

  • MD5

    0ae3ef71b6b48f24897636f75327204e

  • SHA1

    5e58d71aa76269fef79dba8297411bf7f0cf1bfc

  • SHA256

    495915ff1a77a07fb27fe64ecfecab0e8fd8c37f41c1205448c092e6d338d5fa

  • SHA512

    4c5162254ecc7886ff05136b068e2b4a530e5624f0832001d3f48472d16b2c0f83619eabb2d51c9e126ab8204635a13b285ab5c09ac83b79e1cf36b84c1000d6

  • SSDEEP

    24576:MKgNacUdqsYzZ13nw4LzyrrEqLnud2pSSdyhGXdgJLILnTn4K1F20fwdVT9MAqEq:jrbqsOnXLzUEqM2pLd6J8313YdVUGN

Score
10/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      0ae3ef71b6b48f24897636f75327204e

    • SHA1

      5e58d71aa76269fef79dba8297411bf7f0cf1bfc

    • SHA256

      495915ff1a77a07fb27fe64ecfecab0e8fd8c37f41c1205448c092e6d338d5fa

    • SHA512

      4c5162254ecc7886ff05136b068e2b4a530e5624f0832001d3f48472d16b2c0f83619eabb2d51c9e126ab8204635a13b285ab5c09ac83b79e1cf36b84c1000d6

    • SSDEEP

      24576:MKgNacUdqsYzZ13nw4LzyrrEqLnud2pSSdyhGXdgJLILnTn4K1F20fwdVT9MAqEq:jrbqsOnXLzUEqM2pLd6J8313YdVUGN

    Score
    10/10
    discoveryevasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks