General

  • Target

    dc41291a53269e0f1094795383c3c01d607acbf0fae98c5eed6a83a17ab6db45

  • Size

    2.7MB

  • Sample

    241117-jxlfhavhkl

  • MD5

    a5931784845d5c095fcd6f539be5b0c6

  • SHA1

    5593d35af0003a0012570464ad32ffd66b73f208

  • SHA256

    dc41291a53269e0f1094795383c3c01d607acbf0fae98c5eed6a83a17ab6db45

  • SHA512

    6e58923e939a5740064dcb8462511f754862fd1785cd3da84af3510139664a18550cdb9df03dc80a04c5a0b3fa46a9f87f1a802158336413fe6f808bfd916fb4

  • SSDEEP

    49152:Dy8kDmFJ/43ZUIFDoXy9Pkd8jn+rSxM1UhalyXNzSuSfm:29mj/4pUIFxbxbTN4m

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks