General

  • Target

    0865b4e2d69561a44f8dcf4da21af282a5796756ff6151f64f051246afdeb163

  • Size

    3.0MB

  • Sample

    241117-jxnkvszjgk

  • MD5

    68060fee433a31ea09a47eb9fc8bb755

  • SHA1

    486ebae4ee282981c54274193a7e30119eae5fa5

  • SHA256

    0865b4e2d69561a44f8dcf4da21af282a5796756ff6151f64f051246afdeb163

  • SHA512

    adb5c29f5a987ec05d9db378a7e0a0af7af2290b17a590edb00426a45ea3661d20c0752fc44a2c83fcff5be72c487ef2548d6aac0510a3216f28cbbb3066ccc7

  • SSDEEP

    49152:1Z/Cpy5LQoQDBSfAbVXr1dMl76ySPeP/IXenVCjGr:70y5LQoQDgfs9ZdMweoXeVCir

Score
9/10

Malware Config

Targets

    • Target

      0865b4e2d69561a44f8dcf4da21af282a5796756ff6151f64f051246afdeb163

    • Size

      3.0MB

    • MD5

      68060fee433a31ea09a47eb9fc8bb755

    • SHA1

      486ebae4ee282981c54274193a7e30119eae5fa5

    • SHA256

      0865b4e2d69561a44f8dcf4da21af282a5796756ff6151f64f051246afdeb163

    • SHA512

      adb5c29f5a987ec05d9db378a7e0a0af7af2290b17a590edb00426a45ea3661d20c0752fc44a2c83fcff5be72c487ef2548d6aac0510a3216f28cbbb3066ccc7

    • SSDEEP

      49152:1Z/Cpy5LQoQDBSfAbVXr1dMl76ySPeP/IXenVCjGr:70y5LQoQDgfs9ZdMweoXeVCir

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks