General

  • Target

    file.exe

  • Size

    2.6MB

  • Sample

    241117-k2qfpa1jdp

  • MD5

    20d45eddc965d7714b3412a9bf7ebe7e

  • SHA1

    888e3f63a63cef84f8b4deb3ef570967725766af

  • SHA256

    fcc5177127503eb837af31d6d1c483ad753da3c863c415224cc0c3b31911b331

  • SHA512

    441911b9d3dbdac8a530420b40e7f4ebe7e9a3b68daab44156aa8a0c230267d7c8df9cc3aaf97c485d4969d6d63f33eeff88315dc0026bce68740cd4e977baff

  • SSDEEP

    49152:jUK2VOkv6nT1rIxDSw9rYqKA5KBG25aufjCZ+k15jli:t2V76nT1rGDSIsBG8fjqn5Ri

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks