General

  • Target

    25b9aba533d955355406863543ee7998ba935d26871532395d348b7011363cc5.exe

  • Size

    2.7MB

  • Sample

    241117-jt1q1svjav

  • MD5

    8a22eb031e1cc219f7d7c7932616eb11

  • SHA1

    323fef7b5c0e29020571b58604859bf8f9ef67d0

  • SHA256

    25b9aba533d955355406863543ee7998ba935d26871532395d348b7011363cc5

  • SHA512

    4b1b1013239ff541c1fc93562668d997288dcf151e6b5ccb9d1dbcc77e6907d840bca9b0644562a36ce80822cdb1fd85dd7ff7d4a4ef4d76ef920a7bd4518fe5

  • SSDEEP

    49152:+hkiEK0CybX0nk86pjS+WgSjqP5SS8Gnl+4YwIQjSY:piEK0TbX0nk86ph2GP5SRww4YwIkj

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks