General
-
Target
file.exe
-
Size
2.6MB
-
Sample
241104-cnz4zazmey
-
MD5
a5e88327ec18398ba9d6b3983e13b504
-
SHA1
4d6b9eb7baee84c194151e37e44d59577963ed14
-
SHA256
6399e569f025e58b95d7ea60ef9c3fadfd927c741173a6d024950d78f45aaa0f
-
SHA512
916ce3998de3aeb60209d45e860ccbc69f9fcd2081f97692f0d8b6c0b6dc008418e01a2ab21537dfab93bb5bff9aa5e7d8a5aae8dc3e16ebd2aacdb7f3d6b660
-
SSDEEP
49152:h5Y515LXoThIK97lKWcmTNGnR+mFKkRqq38R5DoG12jQ:h5Y515LXoTh97lKTmTNrEKkRqqi5cGEk
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.6MB
-
MD5
a5e88327ec18398ba9d6b3983e13b504
-
SHA1
4d6b9eb7baee84c194151e37e44d59577963ed14
-
SHA256
6399e569f025e58b95d7ea60ef9c3fadfd927c741173a6d024950d78f45aaa0f
-
SHA512
916ce3998de3aeb60209d45e860ccbc69f9fcd2081f97692f0d8b6c0b6dc008418e01a2ab21537dfab93bb5bff9aa5e7d8a5aae8dc3e16ebd2aacdb7f3d6b660
-
SSDEEP
49152:h5Y515LXoThIK97lKWcmTNGnR+mFKkRqq38R5DoG12jQ:h5Y515LXoTh97lKTmTNrEKkRqqi5cGEk
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2