General
Target: e2e4269167950f8484107762b3634779c3a556a4e3af66d3e5206b34019100bfN.exe
Size: 150KB
Sample: 241112-nvbwha1lat
MD5: cfc7d2bdbf1ec7ded14f91a2595b1057
SHA1: 3cfcb10da34181168059a0fd20e7fc8def317a64
SHA256: 34f586d6a0d141eea8f6324001831772a538060e9a075e6d1d0cf2aa6e930f76
SHA512: 64d817fa12637da2b276bc7801e9813cc718e76eedcd2bb1b84c3bd5df8b4d62e47fac46a16afa2d3779c927a58d2d55263e4d82cd47539b096d22deef48fd42
SSDEEP: 3072:5JxiXftHXtzxDhH3jyO2iaFdCbK/1yJMH6y9Qys9TZP:9CfVfhHzyOU7Cb60I6l9ZP
Static task: static1
Behavioral task: behavioral1
  Sample: e2e4269167950f8484107762b3634779c3a556a4e3af66d3e5206b34019100bfN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e2e4269167950f8484107762b3634779c3a556a4e3af66d3e5206b34019100bfN.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: e2e4269167950f8484107762b3634779c3a556a4e3af66d3e5206b34019100bfN.exe
Score: 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (1)
  Virtualization/Sandbox Evasion (1)