General

  • Target

    1929953dc1e1bf191d351def2f0ddc21a566f5f3ecfab3a47669933924577135.exe

  • Size

    2.7MB

  • Sample

    241117-js9yastrgt

  • MD5

    b41e0b969737ef7187109dc860a334a0

  • SHA1

    a37ef74d602eaec6e3e349e54e5f06599e2e7fee

  • SHA256

    1929953dc1e1bf191d351def2f0ddc21a566f5f3ecfab3a47669933924577135

  • SHA512

    233701f59d948376107b2d72d2007ef5505213d55cbcd3bb8a7a6a631c7dba75c61fe43661d9b3b383000fa482bf7ef666f0fc302646c98d1e0b63f6425a8852

  • SSDEEP

    49152:jx9+LPixmLyUUi5cNw4Rn79CIjllEHJNusD2:V9+LPyh9i5cNpRp7QE

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks