General

  • Target

    59191267a40343711fb9d69070487027f78f43cf5ffb9b4f53129f5a62501b08.exe

  • Size

    2.7MB

  • Sample

    241104-cts8ls1cqd

  • MD5

    02da8861168b51f837964577ae71b38f

  • SHA1

    1eb64566a6945cafd547f66229c92d44144cba7b

  • SHA256

    59191267a40343711fb9d69070487027f78f43cf5ffb9b4f53129f5a62501b08

  • SHA512

    5f732ef643bf8996a6cd74f1e6c2811d85158370131d043ee077690ba4fb281826b997834576f3532f4b71713cb950e536c6ce04c7b6d70bb6d11c0e1b664926

  • SSDEEP

    24576:nS5FoxT0xsTKBRrrpZqXGJnAk4J8+7ANwMWLzIh7SqTdlve42HOLLL5podKrLqte:o5frr2G/Qn2YA1v8a5aGWH0g983

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger
