General

  • Target

    31fa84c2fd1626a571dd7895fd2e149d7eb003a7bc9037615cb71f07571edb0f.exe

  • Size

    2.7MB

  • Sample

    241117-jxeb7avhjp

  • MD5

    6baac82565614419657461187756f86e

  • SHA1

    e5759600f149acde660e3c174fd0c853e2dbedd6

  • SHA256

    31fa84c2fd1626a571dd7895fd2e149d7eb003a7bc9037615cb71f07571edb0f

  • SHA512

    9bccc70f1c959b1f49fac482a89ecb934f707b28717b0c75521445f12e922656e5a9c44b07d294760ef53d776984cc89bf34fda631f7633f3d578a2b2a4a9cd7

  • SSDEEP

    24576:hPCiFFuFqz7F8nVxnEliverMosXcNnendHSJg4ZiYQSDH7quOCm3Xx+rkxgRGtz6:5FFuFqz7GVWlc6Kk/GCU+Itrm9ut5KR

Malware Config

Targets

    • Target

      31fa84c2fd1626a571dd7895fd2e149d7eb003a7bc9037615cb71f07571edb0f.exe

    • Size

      2.7MB

    • MD5

      6baac82565614419657461187756f86e

    • SHA1

      e5759600f149acde660e3c174fd0c853e2dbedd6

    • SHA256

      31fa84c2fd1626a571dd7895fd2e149d7eb003a7bc9037615cb71f07571edb0f

    • SHA512

      9bccc70f1c959b1f49fac482a89ecb934f707b28717b0c75521445f12e922656e5a9c44b07d294760ef53d776984cc89bf34fda631f7633f3d578a2b2a4a9cd7

    • SSDEEP

      24576:hPCiFFuFqz7F8nVxnEliverMosXcNnendHSJg4ZiYQSDH7quOCm3Xx+rkxgRGtz6:5FFuFqz7GVWlc6Kk/GCU+Itrm9ut5KR

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; its presence is revealed by Wine-specific registry keys.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger
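The signatures above are all derived from hooked-API telemetry: registry reads of ACPI/BIOS/Wine keys, registry writes under the Windows Defender policy keys, and a thread-information call with the ThreadHideFromDebugger class. The following is an added example, not part of the sandbox report or of the sample, showing how such a trace can be classified against the report's signature names. The trace format ("pid api argument"), the sample lines, and the specific key-path patterns are this example's own assumptions modelled on what each signature is known to look for; only the signature names are taken from the report.

```python
"""Classify hooked-API trace lines against the anti-analysis and defence-evasion
signatures listed in the report. Added example; trace lines are constructed."""
import re
from collections import Counter

# Constructed trace, NOT from the report's run. Format: "<pid> <api> <argument>".
SAMPLE_TRACE = r"""
1412 RegOpenKeyExW HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
1412 RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1412 RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
1412 RegOpenKeyExW HKEY_CURRENT_USER\Software\Wine
1412 RegOpenKeyExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
1412 NtSetInformationThread ThreadInformationClass=0x11
1412 NtSetInformationThread ThreadInformationClass=0x0
1412 RegSetValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
1412 RegSetValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
"""

READ_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW", "RegQueryValueExA"}
WRITE_APIS = {"RegSetValueExW", "RegSetValueExA", "RegCreateKeyExW", "RegCreateKeyExA"}

# THREADINFOCLASS value for ThreadHideFromDebugger is 17 (0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry reads that fingerprint a VM or sandbox. The ACPI table keys carry the
# hypervisor OEM ID (VirtualBox uses "VBOX__"); the BIOS strings are the classic
# SystemBiosVersion / VideoBiosVersion / manufacturer checks; Wine exposes
# Software\Wine. Patterns are assumptions of this example.
REGISTRY_READ_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemManufacturer|"
                r"SystemProductName|BIOSVendor|BIOSVersion)$", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^HKEY_(CURRENT_USER|LOCAL_MACHINE)\\Software\\Wine(\\|$)", re.I)),
]

# Registry writes that weaken Defender. The specific signature fires on the
# Real-Time Protection subkey; the broader one on any write under the Defender
# policy/config key.
REGISTRY_WRITE_SIGNATURES = [
    ("Modifies Windows Defender Real-time Protection settings",
     re.compile(r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(Policies\\)?Microsoft\\"
                r"Windows Defender\\Real-Time Protection\\", re.I)),
    ("Windows security modification",
     re.compile(r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(Policies\\)?Microsoft\\"
                r"Windows Defender\\", re.I)),
]


def parse_line(line):
    """Split '<pid> <api> <argument>'; the argument may itself contain spaces."""
    pid, api, arg = line.split(" ", 2)
    return int(pid), api, arg


def classify_event(api, arg):
    """Return the report signatures a single trace event satisfies (may be several)."""
    hits = []
    if api in READ_APIS:
        hits += [name for name, pat in REGISTRY_READ_SIGNATURES if pat.search(arg)]
    elif api in WRITE_APIS:
        hits += [name for name, pat in REGISTRY_WRITE_SIGNATURES if pat.search(arg)]
    elif api == "NtSetInformationThread":
        m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


def classify_trace(text):
    """Count signature hits over a whole trace and keep the triggering arguments."""
    counts = Counter()
    evidence = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _pid, api, arg = parse_line(line)
        for name in classify_event(api, arg):
            counts[name] += 1
            evidence.setdefault(name, []).append(arg)
    return counts, evidence


if __name__ == "__main__":
    counts, evidence = classify_trace(SAMPLE_TRACE)
    for name, n in counts.most_common():
        print(f"{n:2d}  {name}")
        for arg in evidence[name]:
            print(f"      {arg}")
```

The benign Run-key read and the NtSetInformationThread call with class 0 are deliberately included as negatives: a detection that keys on the API name alone, rather than on the key path or the information class, would flag them too.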

MITRE ATT&CK Enterprise v15

Tasks