General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241104-h4ytqszldq
-
MD5
4350ba28eb735769814cd2b067c7e9d5
-
SHA1
c8eeb0fd396ee6a97cb2138468ecf95e06cac95b
-
SHA256
3354a62a460c0022e55d548c877c3de59b00f942acdb3512a0803cf4f4a11525
-
SHA512
7a1192a4bcd21d96b10fab3ca10ce58bdf375c25cef2b422160ccbbb2c810479fb3d25c96fb19ee9a0ee1e60d5efca16be28bf49a0e1429f2395a37e4a5d4c8e
-
SSDEEP
49152:sL+C7bdMjyK+xbAAjTXvFoQC45Kja/vMUfm3irUNKzGEbRwAM5:sLDPdMjyPx0AjT67javMUg0UNtLx5
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
4350ba28eb735769814cd2b067c7e9d5
-
SHA1
c8eeb0fd396ee6a97cb2138468ecf95e06cac95b
-
SHA256
3354a62a460c0022e55d548c877c3de59b00f942acdb3512a0803cf4f4a11525
-
SHA512
7a1192a4bcd21d96b10fab3ca10ce58bdf375c25cef2b422160ccbbb2c810479fb3d25c96fb19ee9a0ee1e60d5efca16be28bf49a0e1429f2395a37e4a5d4c8e
-
SSDEEP
49152:sL+C7bdMjyK+xbAAjTXvFoQC45Kja/vMUfm3irUNKzGEbRwAM5:sLDPdMjyPx0AjT67javMUg0UNtLx5
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2