General

  • Target

    46a25aa38e536b2f7f2b950f00269d78ceaa2ae77e9ac3b99b1147628e18d76e.exe

  • Size

    4.2MB

  • Sample

    241109-za5tma1hmr

  • MD5

    3513dcf913ca16de1e626827dd76f329

  • SHA1

    0347bb1ba8ecd93267f7820d2649acaee9c60bc7

  • SHA256

    46a25aa38e536b2f7f2b950f00269d78ceaa2ae77e9ac3b99b1147628e18d76e

  • SHA512

    42310dcd61b5f32eaaf34434dca8f45a2ada0c2d9c293a87f222fc3aa3a289805c037508e278f0cbd8901ddd3d4b2a97259027fb0c3092ff653f60da14d43428

  • SSDEEP

    98304:Iem+NfZ/yB042SIoHVqNBVZ+Ct5sc8ndU/aY9bE:IeL/yweVo/Vt5R8ndrQ

Score
9/10

Malware Config

Targets

    • Target

      46a25aa38e536b2f7f2b950f00269d78ceaa2ae77e9ac3b99b1147628e18d76e.exe

    • Size

      4.2MB

    • MD5

      3513dcf913ca16de1e626827dd76f329

    • SHA1

      0347bb1ba8ecd93267f7820d2649acaee9c60bc7

    • SHA256

      46a25aa38e536b2f7f2b950f00269d78ceaa2ae77e9ac3b99b1147628e18d76e

    • SHA512

      42310dcd61b5f32eaaf34434dca8f45a2ada0c2d9c293a87f222fc3aa3a289805c037508e278f0cbd8901ddd3d4b2a97259027fb0c3092ff653f60da14d43428

    • SSDEEP

      98304:Iem+NfZ/yB042SIoHVqNBVZ+Ct5sc8ndU/aY9bE:IeL/yweVo/Vt5R8ndrQ

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks