General

  • Target

    160219433f3f191e8be48a33775c0c5bfbb731bc87fb5ab7cd0bca3d20801d31.exe

  • Size

    1.7MB

  • Sample

    241117-js2xpatrf1

  • MD5

    d2c651579adda1ad75763d77f722112f

  • SHA1

    d9c10344a0b3566809d78e7fa12e132dc7d9801a

  • SHA256

    160219433f3f191e8be48a33775c0c5bfbb731bc87fb5ab7cd0bca3d20801d31

  • SHA512

    87fb6dc5dc5d1eda087d8bfb01046b85674743e479a7c08899a12715966e187801675e5084ac9706a7e47b8ae43894af4d368d68d03f12c3905537d609b02ad5

  • SSDEEP

    49152:aSr2gLADwKcd5bd89abKTRGO5MPt/kNEu7CIn+tRO:dLADWbqabKTsO5MhWP+tc

Score
9/10

Malware Config

Targets

    • Target

      160219433f3f191e8be48a33775c0c5bfbb731bc87fb5ab7cd0bca3d20801d31.exe

    • Size

      1.7MB

    • MD5

      d2c651579adda1ad75763d77f722112f

    • SHA1

      d9c10344a0b3566809d78e7fa12e132dc7d9801a

    • SHA256

      160219433f3f191e8be48a33775c0c5bfbb731bc87fb5ab7cd0bca3d20801d31

    • SHA512

      87fb6dc5dc5d1eda087d8bfb01046b85674743e479a7c08899a12715966e187801675e5084ac9706a7e47b8ae43894af4d368d68d03f12c3905537d609b02ad5

    • SSDEEP

      49152:aSr2gLADwKcd5bd89abKTRGO5MPt/kNEu7CIn+tRO:dLADWbqabKTsO5MhWP+tc

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; the presence of its registry keys therefore marks a non-native host.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from reporting debug events, so breakpoints and single-steps in that thread never reach an attached debugger. It is a common anti-debugging step.
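The four signatures above all reduce to a handful of registry probes plus one native API call. The script below is an added example, not code from the sample or from the sandbox that produced this report: it re-implements the registry checks as a heuristic evaluator and runs it against constructed registry snapshots (a VirtualBox guest, a Wine host, a bare-metal machine), so an analyst can see which artifacts a sandbox still exposes. The key paths and marker strings are the ones such checks commonly probe (the report does not say which exact values this sample reads); the snapshots and machine names are made up. The last function issues the exact NtSetInformationThread call the final signature flags; it is guarded to run only on Windows.

```python
"""Registry-based anti-VM / anti-sandbox checks from the report, evaluated
offline against constructed registry snapshots. Example code, not the sample's."""
from __future__ import annotations

import sys

# Key paths and value names probed by typical anti-VM code. These are real
# registry locations; whether this sample reads exactly these is an assumption.
ACPI_VM_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")
SMBIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
SMBIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BIOSVendor")
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs", "xen")
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")

# A snapshot maps a key path to its values ({} means the key exists but is empty).
Registry = dict[str, dict[str, str]]


def evaluate(reg: Registry) -> dict[str, str]:
    """Return {signature_name: evidence} for every check that would fire."""
    fired: dict[str, str] = {}

    # "Identifies VirtualBox via ACPI registry values": the key merely existing is enough.
    for key in ACPI_VM_KEYS:
        if key in reg:
            fired["virtualbox_acpi"] = key
            break

    # "Checks BIOS information in registry": substring match on BIOS/SMBIOS strings.
    probes = [(BIOS_KEY, v) for v in BIOS_VALUES] + [(SMBIOS_KEY, v) for v in SMBIOS_VALUES]
    for key, name in probes:
        data = reg.get(key, {}).get(name, "")
        hit = next((m for m in VM_MARKERS if m in data.lower()), None)
        if hit:
            fired["bios_strings"] = f"{key}\\{name} = {data!r} (marker {hit!r})"
            break

    # "Identifies Wine through registry keys": Wine creates these on first run.
    for key in WINE_KEYS:
        if key in reg:
            fired["wine_registry"] = key
            break

    return fired


# Constructed snapshots (not captured from a real machine).
VBOX_GUEST: Registry = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    BIOS_KEY: {"SystemBiosVersion": "VBOX   - 1",
               "VideoBiosVersion": "Oracle VM VirtualBox Version 7.0.0 VBE Adapter"},
    SMBIOS_KEY: {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox"},
}
WINE_HOST: Registry = {
    r"HKCU\Software\Wine": {},
    BIOS_KEY: {"SystemBiosVersion": "Wine"},  # constructed; no VM marker on purpose
}
BARE_METAL: Registry = {
    BIOS_KEY: {"SystemBiosVersion": "ACME   - 1072009", "VideoBiosVersion": "Intel Video BIOS"},
    SMBIOS_KEY: {"SystemManufacturer": "Acme Inc.", "SystemProductName": "Workbook 14"},
}

# "Suspicious use of NtSetInformationThreadHideFromDebugger"
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


def hide_current_thread_from_debugger() -> int | None:
    """Issue NtSetInformationThread(ThreadHideFromDebugger) on the calling thread.
    Windows only: returns the NTSTATUS there and None on any other platform."""
    if sys.platform != "win32":
        return None
    import ctypes
    kernel32 = ctypes.WinDLL("kernel32")
    ntdll = ctypes.WinDLL("ntdll")
    kernel32.GetCurrentThread.restype = ctypes.c_void_p
    ntdll.NtSetInformationThread.restype = ctypes.c_long
    ntdll.NtSetInformationThread.argtypes = [ctypes.c_void_p, ctypes.c_int,
                                             ctypes.c_void_p, ctypes.c_ulong]
    return ntdll.NtSetInformationThread(kernel32.GetCurrentThread(),
                                        THREAD_HIDE_FROM_DEBUGGER, None, 0)


if __name__ == "__main__":
    for label, snap in (("vbox", VBOX_GUEST), ("wine", WINE_HOST), ("metal", BARE_METAL)):
        print(label, evaluate(snap))
```

Run it against a snapshot exported from the sandbox image you use (for example `reg export HKLM\HARDWARE` converted into the dict shape above) to list which of these artifacts the image still leaks; each entry in the returned dict is one more reason a sample like this one stops executing before it reveals its payload.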

MITRE ATT&CK Enterprise v15

Tasks