General
-
Target
368290b4f6e2bb087968b8b58a8669ecca95987ed3e3a6556920ee5b08b879bf.exe
-
Size
2.7MB
-
Sample
241117-jxq1zsvfrg
-
MD5
189d6ea566ac096c76139b59ee5114a2
-
SHA1
8afa908703ee5d4210bfad9e4df841d87659735d
-
SHA256
368290b4f6e2bb087968b8b58a8669ecca95987ed3e3a6556920ee5b08b879bf
-
SHA512
f2f05b26523975230ef166e7702e8a5be740d10606abfd415e169ac2eb76cb8eadfc8304752121ef6ed402bf1f23ed964dbcfa12717f01d47bf29b46396b4516
-
SSDEEP
49152:NMsPWRTZlfpwaYS9mKfbB+VOQ1QU0HePZ0nGU17ylcovYpDp:CsPWRTffpwaYS9mKCPh2GI7ocCYJ
Static task
static1
Behavioral task
behavioral1
Sample
368290b4f6e2bb087968b8b58a8669ecca95987ed3e3a6556920ee5b08b879bf.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
368290b4f6e2bb087968b8b58a8669ecca95987ed3e3a6556920ee5b08b879bf.exe
-
Size
2.7MB
-
MD5
189d6ea566ac096c76139b59ee5114a2
-
SHA1
8afa908703ee5d4210bfad9e4df841d87659735d
-
SHA256
368290b4f6e2bb087968b8b58a8669ecca95987ed3e3a6556920ee5b08b879bf
-
SHA512
f2f05b26523975230ef166e7702e8a5be740d10606abfd415e169ac2eb76cb8eadfc8304752121ef6ed402bf1f23ed964dbcfa12717f01d47bf29b46396b4516
-
SSDEEP
49152:NMsPWRTZlfpwaYS9mKfbB+VOQ1QU0HePZ0nGU17ylcovYpDp:CsPWRTffpwaYS9mKCPh2GI7ocCYJ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2