General
-
Target
4bfdb8a4d57b9ef7f192d1edf593abdb534c9b0206347336f9d305a3b4bf1008.exe
-
Size
2.7MB
-
Sample
241104-csk6ls1frl
-
MD5
b663eb4fdab81bc27957f9524850c728
-
SHA1
a8a554fbb658a8971aa3f1c830a85746fa9c8316
-
SHA256
4bfdb8a4d57b9ef7f192d1edf593abdb534c9b0206347336f9d305a3b4bf1008
-
SHA512
7af8eb7b0f26090eed8d69f132bfaeb6124ee4ef5c6cb38c415552135cdb6a46a977459180409c437e15d55f4f13b5a4bb4ce0789568f6a1e3eb9c8f7d0033ae
-
SSDEEP
49152:o+nbESNlMEprL1BrA0mXsK1e2dbehiN9tzndvK:rnbEAlMMdA5swFNHdS
Static task
static1
Behavioral task
behavioral1
Sample
4bfdb8a4d57b9ef7f192d1edf593abdb534c9b0206347336f9d305a3b4bf1008.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
4bfdb8a4d57b9ef7f192d1edf593abdb534c9b0206347336f9d305a3b4bf1008.exe
-
Size
2.7MB
-
MD5
b663eb4fdab81bc27957f9524850c728
-
SHA1
a8a554fbb658a8971aa3f1c830a85746fa9c8316
-
SHA256
4bfdb8a4d57b9ef7f192d1edf593abdb534c9b0206347336f9d305a3b4bf1008
-
SHA512
7af8eb7b0f26090eed8d69f132bfaeb6124ee4ef5c6cb38c415552135cdb6a46a977459180409c437e15d55f4f13b5a4bb4ce0789568f6a1e3eb9c8f7d0033ae
-
SSDEEP
49152:o+nbESNlMEprL1BrA0mXsK1e2dbehiN9tzndvK:rnbEAlMMdA5swFNHdS
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2