General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241110-b6zeqawhln

  • MD5

    284f5ef61fc9e1cf13f7dac0605da9ae

  • SHA1

    9296e6be45036579a8b22a0cfa390177ed14b89e

  • SHA256

    4f1410b75e73186bf8c09c84f48e84458ee1c151e7f254263ba13df3fc2beaf9

  • SHA512

    6ba28cd689acdcbaaa99bc60e077857072613d45419966dfb8580aa9b4fcde4c8233d6fe527016eb9a1b88ba1b97634192fa2f1937d0319c2d940c8bde0ca56b

  • SSDEEP

    49152:7mGbxotoDdxJInRWna2aS4VuRRGKCEz1v2jQUXsM:7m4lDdXIRWa2aiRP1v2jL8

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks