General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241113-rwvxjsxjeq

  • MD5

    eb4b5e50fabe588c24ac0baaa9d521af

  • SHA1

    d3eaccb2c7fb3198e7962535784748dde8d5c896

  • SHA256

    1f38d19213588d5c202cb33491175a72f403936ec55b9c88e2a6b48d8a3e122b

  • SHA512

    468f2398c8f4a2c070b5fb0004c34d1e4e4f0c015045e5fcc0a2774ee797a31fc64b1ffbc2d57017b57d75377ffa8c5911b2d960a8a6ea1fde0d7ca37f9d148e

  • SSDEEP

    49152:+me74X1mxnn1b5uXFMOoMKWqT0aNSnwkysaYr+e0ys7Q5:ep1b5uXFMOoMhqT0aInvaY8t7Q

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks