General

  • Target

    file.exe

  • Size

    2.7MB

  • Sample

    241117-jlyxfsvflm

  • MD5

    c7e4726271a287933dca5023b03011c6

  • SHA1

    9c797d71e90a3616baad1f8868f370cdb55024e7

  • SHA256

    8f4e3cb20a55ecccd721820c1073f911ba6775406ca37e1340b786ed7919ffdb

  • SHA512

    6e9d5d65bbc4c1003194da39e4868f215bb50fad280789ee971dc6bac2e919392a9aa4404dea42bc2704014119ac302f83797dccd57906808bf64e1230e690e9

  • SSDEEP

    49152:+5nnFkCm4NSdrtvX5zLN/p3QSyoKeLd6tGex1Exf:+nnFkCm4NSdrtvX5fFmSywYtR0f

Malware Config

Targets

    • Target

      file.exe

    • Modifies Windows Defender Real-time Protection settings

      Writes to the Real-Time Protection policy values, which disables or weakens Defender's on-access scanning before the payload runs.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI table entries under HKLM\HARDWARE\ACPI whose names carry the VBOX__ OEM identifier; reading them is a common virtual-machine check.

    • Checks BIOS information in registry

      BIOS information (for example the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging step.
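
The signatures above are derived from registry and native-API events the sandbox records while the sample runs. The following is an added example, not code from the report or from the sandbox that produced it, showing how such events are reduced to these signatures: a small rule set is run over a constructed event trace (one "api|arg1|arg2" line per call), and each hit is mapped to a MITRE ATT&CK technique. The trace format, the exact key paths and the ATT&CK mapping are assumptions of this example.

```python
"""Mini signature engine over a constructed sandbox trace.

Added example; not the sandbox's own rules. The event format, the registry
paths and the ATT&CK mapping below are assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Set, Tuple

# Constructed trace (not from the report): "<api>|<arg1>|<arg2>" per line.
# The last two lines are negative controls that must not match any rule.
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__|
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|VideoBiosVersion
RegOpenKeyExW|HKCU\Software\Wine|
NtSetInformationThread|0xffffffff|0x11
RegSetValueExW|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|DisableRealtimeMonitoring
RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|
NtSetInformationThread|0xffffffff|0x02
"""


@dataclass(frozen=True)
class Rule:
    name: str    # signature text, phrased as the report phrases it
    attack: str  # ATT&CK technique ID (assumed mapping)
    api: str     # regex matched against the API name
    args: str    # regex matched against "arg1|arg2"


RULES: List[Rule] = [
    Rule("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "T1497.001",
         r"^Reg(Open|Query)", r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    Rule("Checks BIOS information in registry", "T1497.001",
         r"^RegQueryValueExW?$",
         r"^HKLM\\HARDWARE\\DESCRIPTION\\System\|(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)"),
    Rule("Identifies Wine through registry keys", "T1497.001",
         r"^Reg(Open|Query)", r"^HK(CU|LM)\\Software\\Wine"),
    Rule("Modifies Windows Defender Real-time Protection settings", "T1562.001",
         r"^RegSetValueExW?$", r"Windows Defender\\Real-Time Protection\|Disable"),
    # ThreadHideFromDebugger is information class 0x11 (17).
    Rule("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622",
         r"^NtSetInformationThread$", r"\|0x11$"),
]


def parse_events(trace: str) -> Iterator[Tuple[str, str]]:
    """Yield (api, "arg1|arg2") pairs, skipping blank lines."""
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        api, _, rest = line.partition("|")
        yield api, rest


def match_signatures(trace: str) -> Dict[str, List[str]]:
    """Return {signature name: [matching event lines]} for every rule that fired."""
    hits: Dict[str, List[str]] = {}
    for api, args in parse_events(trace):
        for rule in RULES:
            if re.search(rule.api, api) and re.search(rule.args, args):
                hits.setdefault(rule.name, []).append(f"{api}|{args}")
    return hits


def attack_techniques(hits: Dict[str, List[str]]) -> Set[str]:
    """Collapse fired signatures to the set of ATT&CK technique IDs."""
    return {rule.attack for rule in RULES if rule.name in hits}


if __name__ == "__main__":
    found = match_signatures(SAMPLE_TRACE)
    for name, events in found.items():
        print(f"[+] {name}")
        for ev in events:
            print(f"      {ev}")
    print("ATT&CK:", ", ".join(sorted(attack_techniques(found))))
```

The negative controls matter as much as the hits: a Run-key read and a NtSetInformationThread call with a different information class (0x02, ThreadPriority) pass through without firing anything, which is what keeps the ThreadHideFromDebugger rule from flagging every thread-priority change.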

MITRE ATT&CK Enterprise v15

Tasks