General

  • Target

    30aaff9081e5f855aadf4f3f9f9a2e6c6c19e52269ca0433ee049ef9a972fc48.exe

  • Size

    2.7MB

  • Sample

    241117-jw7mcazjfj

  • MD5

    29ab316adae71c96b839165fed5ba98e

  • SHA1

    4161c4e04e8f005143e34db3a36b6d5e041b5475

  • SHA256

    30aaff9081e5f855aadf4f3f9f9a2e6c6c19e52269ca0433ee049ef9a972fc48

  • SHA512

    a37e9724d03d63499620b17e23f558616d20c9c9a650b831e23626515c9fd4d7c21ee170e0e5efde64121511f2ef07ead22518d0b3e7d64bdff1b1915e5f773f

  • SSDEEP

    24576:tzqVutE4dA8NRNYluV8ZhUVLiE39i0Sb2176p1WRG7g0QVyaFComW+o2F2JuEJQv:ZQmNNYxT7KAaFCoDVJQsJxvw

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks