General

  • Target

    29762972dd0e10353291e0cceb21dbcf10ae6ffcc4af3fcfa173dfdc814fb611.exe

  • Size

    2.7MB

  • Sample

    241117-jvmksavfmf

  • MD5

    d0ada1de4825c08abe2db50924767ddd

  • SHA1

    8184a46d63bf5e5d6d4f42c51a223d175677a694

  • SHA256

    29762972dd0e10353291e0cceb21dbcf10ae6ffcc4af3fcfa173dfdc814fb611

  • SHA512

    0a5f046306cdf06f397936c55b69f16501ae02b520696b02e183437771a13e86d1f39eb76a31430cb3b35ff179ff9db507d9638c5ba71c65a8d7725eec04b0dc

  • SSDEEP

    49152:DvKFw/qJtGfYzI18IEnaok1+yonYlgFJy2OgnZi:DCFw/qJtMiI1Maok1+9F8FgZ

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks