General
Target: 4327f00d94424de1ca5d77687f4107e932107f9ba10e92b17e7ce3667d4b3475.exe
Size: 2.7MB
Sample: 241104-cq22ca1fnj
MD5: a26ee884994df25954a5cb3873320160
SHA1: 6bac2e081c7f3dfe48e39e47492b2905abb356ed
SHA256: 4327f00d94424de1ca5d77687f4107e932107f9ba10e92b17e7ce3667d4b3475
SHA512: 8a692440cee7f75ba5bd4cb4e1e9f064325370b1932a82f1aadee719cef2bd90c632e6540b4096aa0d920a11cf9ca2b71ed612948f2bcfe395ec1411dab7aa96
SSDEEP: 49152:R7M3VLmckUpS6BWK0EJTG6Rysg/TXY0MGFIu5QKgm:VM3Vi2SEWKTTNRys0TXY0McIvVm
Static task: static1
Behavioral task: behavioral1
Sample: 4327f00d94424de1ca5d77687f4107e932107f9ba10e92b17e7ce3667d4b3475.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 4327f00d94424de1ca5d77687f4107e932107f9ba10e92b17e7ce3667d4b3475.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox stamps its ACPI tables with the OEM ID VBOX__, and Windows mirrors those tables under HKLM\HARDWARE\ACPI (typically keys such as DSDT\VBOX__, FADT\VBOX__ or RSDT\VBOX__); probing for them is a common virtual-machine check.
-
Checks BIOS information in registry
BIOS information (typically values under HKLM\HARDWARE\DESCRIPTION\System such as SystemBiosVersion or VideoBiosVersion) is often read in order to detect sandboxing environments, whose BIOS strings usually name the hypervisor.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications and can be used as a sandboxing environment; it populates keys such as HKCU\Software\Wine that do not exist on a real Windows installation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, so breakpoints and single-steps in that thread go unnoticed; this is a common anti-debugging measure rather than normal application behaviour.
-
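The four signatures above are each triggered by a specific registry path or API argument. The following script is an added example, not part of this report or of the sandbox's tooling: it maps sandbox-style API events onto the signature names used here. The event lines are constructed for the example (API name followed by its key argument) and are not the sandbox's export format, and the registry paths are the well-known locations that anti-VM code probes, assumed here rather than taken from the report.

```python
import re
from collections import Counter

# Constructed sandbox-style event lines: API name, then its key argument.
# These are made-up inputs for the example, not events from this report.
SAMPLE_EVENTS = [
    r"RegOpenKeyExW HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__",
    r"RegOpenKeyExW HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\VBOX__",
    r"RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"RegOpenKeyExW HKEY_CURRENT_USER\Software\Wine",
    r"RegOpenKeyExW HKEY_LOCAL_MACHINE\Software\Wine",
    r"NtSetInformationThread ThreadInformationClass=0x11",
    r"RegOpenKeyExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"NtSetInformationThread ThreadInformationClass=0x0",
]

HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_USERS": "HKU",
}

# Well-known registry locations probed by anti-VM / anti-sandbox code (assumed
# for this example). Patterns run against an upper-cased, hive-abbreviated path.
REGISTRY_SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": [
        re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ],
    "Checks BIOS information in registry": [
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\"
                   r"(SYSTEMBIOSVERSION|SYSTEMBIOSDATE|VIDEOBIOSVERSION)$"),
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\BIOS\\"),
    ],
    "Identifies Wine through registry keys": [
        re.compile(r"^HK(LM|CU)\\SOFTWARE\\WINE(\\|$)"),
    ],
}

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value ThreadHideFromDebugger


def normalise_path(path: str) -> str:
    """Abbreviate the hive name and upper-case the rest so matching is case-insensitive."""
    hive, sep, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return hive + sep + rest.upper()


def classify_registry(path: str) -> set[str]:
    """Return the signature names whose registry patterns match this path."""
    norm = normalise_path(path)
    return {name for name, patterns in REGISTRY_SIGNATURES.items()
            if any(p.search(norm) for p in patterns)}


def classify_api(api: str, arg: str) -> set[str]:
    """Map one API call plus its key argument onto the report's signature names."""
    if api.startswith("Reg"):
        return classify_registry(arg)
    if api == "NtSetInformationThread":
        m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return {"Suspicious use of NtSetInformationThreadHideFromDebugger"}
    return set()


def scan(events: list[str]) -> Counter:
    """Count how many events trigger each signature."""
    hits: Counter = Counter()
    for line in events:
        api, _, arg = line.partition(" ")
        for sig in classify_api(api, arg):
            hits[sig] += 1
    return hits


if __name__ == "__main__":
    for sig, n in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{n:2d}  {sig}")
```

Only the information class is inspected for NtSetInformationThread, because a legitimate call with another class (for example setting thread priority) is routine; the hive normalisation matters because sandbox traces may report either the long or the abbreviated hive name.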
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses (T1562): 2
Disable or Modify Tools (T1562.001): 2
Modify Registry (T1112): 2
Virtualization/Sandbox Evasion (T1497): 2