General

  • Target

    a2c4792c72354a4d9ba484fd68dce51182e71eab8d7f479af4d7c76391342025.exe

  • Size

    2.6MB

  • Sample

    241113-wk7jeszmdn

  • MD5

    1aa115cc0d1b0c21ae6e41cf8753d949

  • SHA1

    0e4889820edcc1aa6de2141a129d964db4308a8c

  • SHA256

    a2c4792c72354a4d9ba484fd68dce51182e71eab8d7f479af4d7c76391342025

  • SHA512

    efff64995a9256f4720b47bf04672fc4fe581f40909f29648ccadb52235124945cbcc7355c1e3ead4279e3b41da828b4f1bc7d697e0d746087e1ef97b4240c13

  • SSDEEP

    49152:nH3d6woElfeifmBROgBHY8IybAQXqg13b1WZsBmUiI49oa:Xd6TE0smBR7BHY8IyMQZ5l4oa

Malware Config

Targets

    • Target

      a2c4792c72354a4d9ba484fd68dce51182e71eab8d7f479af4d7c76391342025.exe

    • Size

      2.6MB

    • MD5

      1aa115cc0d1b0c21ae6e41cf8753d949

    • SHA1

      0e4889820edcc1aa6de2141a129d964db4308a8c

    • SHA256

      a2c4792c72354a4d9ba484fd68dce51182e71eab8d7f479af4d7c76391342025

    • SHA512

      efff64995a9256f4720b47bf04672fc4fe581f40909f29648ccadb52235124945cbcc7355c1e3ead4279e3b41da828b4f1bc7d697e0d746087e1ef97b4240c13

    • SSDEEP

      49152:nH3d6woElfeifmBROgBHY8IybAQXqg13b1WZsBmUiI49oa:Xd6TE0smBR7BHY8IyMQZ5l4oa

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks