General

  • Target

    dcb1c01555ff4e4abebfb41e0ab88f80f160ccdfad90dba7cf006155b2d928e6.exe

  • Size

    2.6MB

  • Sample

    241104-dh9a5asdrq

  • MD5

    4db45d24e7ad846eef8066cf15cfe490

  • SHA1

    09c3a76063a3a0e4e8ff5098aa1d9527dfaba395

  • SHA256

    dcb1c01555ff4e4abebfb41e0ab88f80f160ccdfad90dba7cf006155b2d928e6

  • SHA512

    afb2b9e7d9c52c1a5d9d97af4dfaa65d3a3c2e82b9f55e503ed4295bdae31755fd402cfae9bbfbb99c76a605b12cc5b8def2e0f695a7a97b9053b4afff19e3a3

  • SSDEEP

    49152:kW3LpPeGOksfdM+5mScBR3r7e9BK6Grn0:P3LpPeGOksu+5VcBR3rbdr

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks