General
-
Target
7b5867c2ef958e0ec5143efc9c55690494841d14d7d5d86d40e58ca670fdfbf0.exe
-
Size
1.7MB
-
Sample
241018-cgc1vszfmc
-
MD5
973b2f110938477f07b1e647f7d8fb8d
-
SHA1
19f01293cdc1f0a4a8516f27ba1bb3d61260163c
-
SHA256
7b5867c2ef958e0ec5143efc9c55690494841d14d7d5d86d40e58ca670fdfbf0
-
SHA512
a0fff6e9e1b9633e0935bab869269fbf611fea2ca4986f42ede07d6ad9bd5e9189202cda9f778c524b29c858b3bf0501ffe73817ba8dfe9697f89e863b66526e
-
SSDEEP
24576:sUYn6GA+EgW9rAPPHnmc9l8hkDg4p2OwfdSwzqoz80bvmEwIIDgMsiEQV9O/ccmF:s1j/EgYrUHnmU/VqXzfz3b+LgKu0/Lr
Malware Config
Targets
-
-
Target
7b5867c2ef958e0ec5143efc9c55690494841d14d7d5d86d40e58ca670fdfbf0.exe
-
Size
1.7MB
-
MD5
973b2f110938477f07b1e647f7d8fb8d
-
SHA1
19f01293cdc1f0a4a8516f27ba1bb3d61260163c
-
SHA256
7b5867c2ef958e0ec5143efc9c55690494841d14d7d5d86d40e58ca670fdfbf0
-
SHA512
a0fff6e9e1b9633e0935bab869269fbf611fea2ca4986f42ede07d6ad9bd5e9189202cda9f778c524b29c858b3bf0501ffe73817ba8dfe9697f89e863b66526e
-
SSDEEP
24576:sUYn6GA+EgW9rAPPHnmc9l8hkDg4p2OwfdSwzqoz80bvmEwIIDgMsiEQV9O/ccmF:s1j/EgYrUHnmU/VqXzfz3b+LgKu0/Lr
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2