General
- Target: e201f8ddea2e43792f0cb4b4df74e6588cc4ed4ca3bba7432f2f0e9116ab9c9b
- Size: 3.0MB
- Sample: 241117-lsz47sxdpl
- MD5: 8a2ec2ffdf8ab213de19cdb467352c6e
- SHA1: f5ff6ac1308d98a26603845f139a6186f0da800b
- SHA256: e201f8ddea2e43792f0cb4b4df74e6588cc4ed4ca3bba7432f2f0e9116ab9c9b
- SHA512: d3e3319831b35b4018b8016b04775daf67779e15dc8f9eec9af2b491d936cff493fcdb453178e999be23b1dbaa63d697d5a8f918725e978da79efbc4c2f1de3a
- SSDEEP: 49152:+YNQdv2kY132q0ePfwFiaucyUj4/fXj0nVi3in1:+Y2dv2kY1IkfwFiolWj0o3i1
Static task: static1
Behavioral task: behavioral1
- Sample: e201f8ddea2e43792f0cb4b4df74e6588cc4ed4ca3bba7432f2f0e9116ab9c9b.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: e201f8ddea2e43792f0cb4b4df74e6588cc4ed4ca3bba7432f2f0e9116ab9c9b
- Size: 3.0MB
- MD5: 8a2ec2ffdf8ab213de19cdb467352c6e
- SHA1: f5ff6ac1308d98a26603845f139a6186f0da800b
- SHA256: e201f8ddea2e43792f0cb4b4df74e6588cc4ed4ca3bba7432f2f0e9116ab9c9b
- SHA512: d3e3319831b35b4018b8016b04775daf67779e15dc8f9eec9af2b491d936cff493fcdb453178e999be23b1dbaa63d697d5a8f918725e978da79efbc4c2f1de3a
- SSDEEP: 49152:+YNQdv2kY132q0ePfwFiaucyUj4/fXj0nVi3in1:+Y2dv2kY1IkfwFiolWj0o3i1
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)