General
- Target: 3a9ddebb8e346879df128a8293667bc5ced6c6d2eb8caf05d8e45c9d141b8007.exe
- Size: 1.7MB
- Sample: 241117-jx8wssvhlr
- MD5: 2c9ced58bf9e45eec38025b26b74a8b4
- SHA1: 5cc39c77409a1c96112ab064b3f4473392436318
- SHA256: 3a9ddebb8e346879df128a8293667bc5ced6c6d2eb8caf05d8e45c9d141b8007
- SHA512: 3521720728c96e2b4471cdcb95c6ee68f68b8393f82727da46d271840b37b6353a7468c48af5bc8ec6e9b681658d1506f36b831abbe724af018280eff1478bdb
- SSDEEP: 49152:SwNowc3gPkkjHV+IWA4Szf7ZVviESkG9:S0c3gPkgN142pG9
Static task: static1
Behavioral task: behavioral1
- Sample: 3a9ddebb8e346879df128a8293667bc5ced6c6d2eb8caf05d8e45c9d141b8007.exe
- Resource: win7-20240729-en
Malware Config
Targets
- Target: 3a9ddebb8e346879df128a8293667bc5ced6c6d2eb8caf05d8e45c9d141b8007.exe
- Size: 1.7MB
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry: 1
- Subvert Trust Controls: 1
- Install Root Certificate: 1
- Virtualization/Sandbox Evasion: 2