General

  • Target

    13b53797e8ae8969a0fe2fa57463fae3727af51fe094904b0bd5c4ba22bfd262.exe

  • Size

    2.7MB

  • Sample

    241104-ch8h6atkbl

  • MD5

    55d089adcef6d02f188a67f09a078f97

  • SHA1

    c61e9e0c50ae4977a937760c9e3ed19e8cab6863

  • SHA256

    13b53797e8ae8969a0fe2fa57463fae3727af51fe094904b0bd5c4ba22bfd262

  • SHA512

    7019795ea4693d7ce222618c980624b515efcdf9e0e2203df30156ca248cbe99f1f1637a747a40e27847a598119e0a38c4bd78db488fb0b19d3cb20da2b7f0b2

  • SSDEEP

    49152:l2Z9h/czBnu53qlDni1iijuxjiwranT5mvvCKxMGF0GlFyzzS3b:l2Z9Rc9nu53qlDi0ij5mNxL7FyX

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks