General

  • Target

    59d49f942c7408e16c52e3c26953468b049cd76d8d62f1d814625e6bc3792ef3

  • Size

    2.7MB

  • Sample

    241117-jksdaayqcm

  • MD5

    97867b90c67abcb58f21e80f007287a0

  • SHA1

    257376a97e66a375262a54a936904bb23c5d2363

  • SHA256

    59d49f942c7408e16c52e3c26953468b049cd76d8d62f1d814625e6bc3792ef3

  • SHA512

    fc72eea7675695a7fe4f6252be2b1f4bdc448d15c7735239c4e2bfcb598d3f90f2738fb8e898fbbb5420da81f227ff235e32218e5c22499f4015db8d676cf73c

  • SSDEEP

    49152:f91kvaAB7AUywjWpQ9BVzaIne57iNRa84to0e8eI+cdp:rkvaAB7AUywaSBVzaIne52NRa84to0eW

Malware Config

Targets

    • Target

      59d49f942c7408e16c52e3c26953468b049cd76d8d62f1d814625e6bc3792ef3

    • Size

      2.7MB

    • MD5

      97867b90c67abcb58f21e80f007287a0

    • SHA1

      257376a97e66a375262a54a936904bb23c5d2363

    • SHA256

      59d49f942c7408e16c52e3c26953468b049cd76d8d62f1d814625e6bc3792ef3

    • SHA512

      fc72eea7675695a7fe4f6252be2b1f4bdc448d15c7735239c4e2bfcb598d3f90f2738fb8e898fbbb5420da81f227ff235e32218e5c22499f4015db8d676cf73c

    • SSDEEP

      49152:f91kvaAB7AUywjWpQ9BVzaIne57iNRa84to0e8eI+cdp:rkvaAB7AUywaSBVzaIne52NRa84to0eW

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks