General
- Target: 1929953dc1e1bf191d351def2f0ddc21a566f5f3ecfab3a47669933924577135.exe
- Size: 2.7MB
- Sample: 241117-js9yastrgt
- MD5: b41e0b969737ef7187109dc860a334a0
- SHA1: a37ef74d602eaec6e3e349e54e5f06599e2e7fee
- SHA256: 1929953dc1e1bf191d351def2f0ddc21a566f5f3ecfab3a47669933924577135
- SHA512: 233701f59d948376107b2d72d2007ef5505213d55cbcd3bb8a7a6a631c7dba75c61fe43661d9b3b383000fa482bf7ef666f0fc302646c98d1e0b63f6425a8852
- SSDEEP: 49152:jx9+LPixmLyUUi5cNw4Rn79CIjllEHJNusD2:V9+LPyh9i5cNpRp7QE
Static task: static1
Behavioral task: behavioral1
- Sample: 1929953dc1e1bf191d351def2f0ddc21a566f5f3ecfab3a47669933924577135.exe
- Resource: win7-20241023-en
Malware Config
Targets
- Target: 1929953dc1e1bf191d351def2f0ddc21a566f5f3ecfab3a47669933924577135.exe
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger: this thread information class hides the calling thread from an attached debugger and is commonly used as an anti-debugging measure.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses: Disable or Modify Tools
- Modify Registry
- Virtualization/Sandbox Evasion