General
Target: file.exe
Size: 2.7MB
Sample: 241113-rh5vlatbjh
MD5: 2d7b10f1d1d53132873d81b253e628ee
SHA1: cf0741624436c6e06d07fcf26ac41d4c3a2d9fe0
SHA256: 1ad376de935eca916329efc0cd63f08156dc9ea5082aa617f4c736db06e0ba36
SHA512: 7e264775147b52c1ed5c9953ef8abf4fc509684ba5d69b860302c5164e05b38c8036668a2efe6cdb3e2385867a5ac45c1ad29864edd3e700e487e09d0acf5bbf
SSDEEP: 24576:e/vthoYSX0kyxthfUhJBPYcdxoKdlJ6xoFr1/ymuGbkkLYXSojwDgt5phuXAIRp:eth9SgUBXfymdgSosD9NJJru8A7Xru3
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20240903-en)
Malware Config
Targets
file.exe, 2.7MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  The ACPI tables a guest boots with are mirrored under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}; in a VirtualBox guest the OEM ID subkey reads VBOX__, so reading those keys is a cheap hypervisor check.
- Checks BIOS information in registry
  BIOS strings (HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion and VideoBiosVersion) are often read in order to detect sandboxing environments, since hypervisors leave vendor names in them.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications and is sometimes used as a sandboxing environment; the mere existence of HKCU\Software\Wine or HKLM\Software\Wine gives it away.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the kernel from delivering debug events for the calling thread, a common anti-debugging trick; sandboxes and API monitors that rely on debugger attachment lose visibility of that thread.
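The three registry-based checks above share one shape: read a handful of well-known keys and look for hypervisor or Wine markers. The following is an added example (not code from the analysed sample or from the sandbox) that reconstructs that logic so an analyst can see exactly which strings trip it and a sandbox operator can see what to scrub. It runs offline over constructed registry snapshots (plain dicts standing in for HKLM/HKCU reads; on a real Windows host the same key and value names would be read with winreg). The marker list and the snapshot contents are assumptions chosen to illustrate the checks, not values taken from the report.

```python
"""Registry-based VM / Wine fingerprinting, as the report's signatures describe.

A snapshot models a registry view:
  key path -> {"subkeys": [names...], "values": {value_name: str | list[str]}}
The snapshots at the bottom are constructed inputs, not captured data.
"""
import re

ACPI_TABLE_KEYS = (r"HKLM\HARDWARE\ACPI\DSDT",
                   r"HKLM\HARDWARE\ACPI\FADT",
                   r"HKLM\HARDWARE\ACPI\RSDT")
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")

# Substrings hypervisors leave in ACPI OEM IDs and BIOS strings.
# Illustrative list (assumption); real anti-VM code often carries more.
VM_MARKERS = {
    "VirtualBox": ("VBOX", "VIRTUALBOX", "INNOTEK"),
    "VMware":     ("VMWARE",),
    "QEMU":       ("QEMU", "BOCHS"),
    "Hyper-V":    ("VRTUAL", "HYPER-V"),
}
_MARKER_RE = {vendor: re.compile("|".join(map(re.escape, m)), re.I)
              for vendor, m in VM_MARKERS.items()}


def _strings(snapshot, key):
    """All strings visible under a key: subkey names plus string value data."""
    node = snapshot.get(key)
    if node is None:
        return []
    out = list(node.get("subkeys", ()))
    for data in node.get("values", {}).values():
        out.extend(data if isinstance(data, list) else [data])
    return out


def _match(strings, where):
    """Return (vendor, key, string) for every marker hit."""
    hits = []
    for s in strings:
        for vendor, rx in _MARKER_RE.items():
            if rx.search(s):
                hits.append((vendor, where, s))
    return hits


def scan_acpi(snapshot):
    """ACPI OEM / table IDs appear as subkey names under HARDWARE\\ACPI\\*."""
    hits = []
    for key in ACPI_TABLE_KEYS:
        hits += _match(_strings(snapshot, key), key)
    return hits


def scan_bios(snapshot):
    """SystemBiosVersion / VideoBiosVersion are REG_MULTI_SZ string lists."""
    node = snapshot.get(BIOS_KEY, {})
    strings = []
    for name in BIOS_VALUES:
        data = node.get("values", {}).get(name, [])
        strings.extend(data if isinstance(data, list) else [data])
    return _match(strings, BIOS_KEY)


def scan_wine(snapshot):
    """Wine is betrayed by the mere existence of its Software\\Wine keys."""
    return [k for k in WINE_KEYS if k in snapshot]


def fingerprint(snapshot):
    """Combine the three checks into one verdict plus the evidence behind it."""
    acpi, bios, wine = scan_acpi(snapshot), scan_bios(snapshot), scan_wine(snapshot)
    return {
        "vm_vendors": sorted({v for v, _, _ in acpi + bios}),
        "wine": bool(wine),
        "evidence": acpi + bios + [("Wine", k, "<key exists>") for k in wine],
    }


# Constructed snapshots (assumptions modelled on typical guest values).
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["VBOX__"]},
    r"HKLM\HARDWARE\ACPI\FADT": {"subkeys": ["VBOX__"]},
    BIOS_KEY: {"values": {"SystemBiosVersion": ["VBOX   - 1"],
                          "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0"]}},
}
WINE_HOST = {r"HKCU\Software\Wine": {"subkeys": ["Drivers"]}}
BARE_METAL = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["DELL__"]},
    BIOS_KEY: {"values": {"SystemBiosVersion": ["DELL   - 1072009"],
                          "VideoBiosVersion": ["Hardware Version 0.0"]}},
}

if __name__ == "__main__":
    for name, snap in (("vbox", VBOX_GUEST), ("wine", WINE_HOST), ("metal", BARE_METAL)):
        print(name, fingerprint(snap))
```

The evidence list is the useful part for a sandbox operator: every string it returns is one a guest image should have patched (ACPI OEM IDs via the hypervisor's table overrides, BIOS strings via SMBIOS/DMI settings) before the sample is detonated, otherwise the behavioural run ends before anything interesting happens.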
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (T1562): 2
  - Disable or Modify Tools (T1562.001): 2
- Modify Registry (T1112): 2
- Virtualization/Sandbox Evasion (T1497): 2