Overview

overview

9

Static

static

3

pafish.exe

windows7-x64

9

pafish.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    pafish.exe

  • Size

    116KB

  • Sample

    241018-kk48hsxdna

  • MD5

    c5e430d78ff30617dd35e2e3d8195a89

  • SHA1

    9759d2aa1f554e59f60a7ca583ed474e3893cd0e

  • SHA256

    9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e

  • SHA512

    8160c01c817b55f823a10fc50a7543eda4407422a7f7f6cd0622b719f5bc771321b91346f9f21c953e6cb06bb477b83625605911f532a66b842c68fd34585105

  • SSDEEP

    3072:JQcpywWBS+F9TQw4cesrHyrOMGTkrNRD:JlY9T6cekMGTuNR

Score
9/10
discoveryevasion

Malware Config

Targets

    • Target

      pafish.exe

    • Size

      116KB

    • MD5

      c5e430d78ff30617dd35e2e3d8195a89

    • SHA1

      9759d2aa1f554e59f60a7ca583ed474e3893cd0e

    • SHA256

      9e7d694ed87ae95f9c25af5f3a5cea76188cd7c1c91ce49c92e25585f232d98e

    • SHA512

      8160c01c817b55f823a10fc50a7543eda4407422a7f7f6cd0622b719f5bc771321b91346f9f21c953e6cb06bb477b83625605911f532a66b842c68fd34585105

    • SSDEEP

      3072:JQcpywWBS+F9TQw4cesrHyrOMGTkrNRD:JlY9T6cekMGTuNR

    Score
    9/10
    discoveryevasion

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks