General
Target: file.exe
Size: 2.6MB
Sample: 241117-k2qfpa1jdp
MD5: 20d45eddc965d7714b3412a9bf7ebe7e
SHA1: 888e3f63a63cef84f8b4deb3ef570967725766af
SHA256: fcc5177127503eb837af31d6d1c483ad753da3c863c415224cc0c3b31911b331
SHA512: 441911b9d3dbdac8a530420b40e7f4ebe7e9a3b68daab44156aa8a0c230267d7c8df9cc3aaf97c485d4969d6d63f33eeff88315dc0026bce68740cd4e977baff
SSDEEP: 49152:jUK2VOkv6nT1rIxDSw9rYqKA5KBG25aufjCZ+k15jli:t2V76nT1rGDSIsBG8fjqn5Ri
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: file.exe
Size: 2.6MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion:
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)