General
Target: fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.zip
Size: 1.7MB
Sample: 241111-qhw21syncy
MD5: 4c139c0588e27cbb3d5ba6f7d7be2879
SHA1: f84231e796f84946fd5d00f5cae95fc5f3c3f962
SHA256: d3bcd07cac842a5f7a0c99f07454dea366024baf3cd85fba3c12830a2c580f0a
SHA512: f1542b3700567f4e20c600785147b10c56f5fc9344b330576ca299e3d1062347927ff27ce4f0a7c50a92a9429e86c38d7c9456823984fd4c4f5720749719838f
SSDEEP: 49152:8uKokKfq7ORxpheX7v4CkZKgJEmu7zS0h+b0:DnW7ORx+z4nZKyEJ7by0
Static task: static1
Behavioral task: behavioral1
Sample: fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe
Resource: win11-20241007-en
Malware Config
Targets
Target: fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38.exe
Size: 1.8MB
MD5: c8bdae4b54ec9fb34babe5908c1273f1
SHA1: 53111c9f481f86109c4f045c7c65523d9f5906b0
SHA256: fafd551638daa4ab17ebdc71f2bffd8599332b1f1e95409af51870502cd65e38
SHA512: ab78acf0a806ad909c8c6e46d13e1428efa29eea35620e6a9a40f3b4e08333a6ae83671a39af96a14f0b71d2dd7f021b9354393fa0e4962d1c9b241a71814450
SSDEEP: 24576:Y7Y2nzJAFNcKtO5fE7T2rVP2DoKomRXvYU/S7VCiG3M02N7nVDJXgPGaoz7HkcKb:sYUzOHjSfE/+0RAhQ7j2RV1SGaAX1k
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: [email protected]
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Modify Registry (3)
- Subvert Trust Controls (2)
  - Install Root Certificate (1)
  - SIP and Trust Provider Hijacking (1)
- Virtualization/Sandbox Evasion (2)