General

  • Target

    file.exe

  • Size

    2.7MB

  • Sample

    241117-lwmnaawpbs

  • MD5

    d5a097e2c5b55b7ca6b22bf9fd96d717

  • SHA1

    aee08c0ddef01c56a826a2faee6e1b544bef85e7

  • SHA256

    d4a10b84c304e33fd95eb3b82c870247fb4ab107ef67acad177c5f4b16222c48

  • SHA512

    34ce0e3884b6373c791af89af1033fa0606553616222bfd7f37996d3084a1a4c11da4ece56db3b74421fcc24277dc94c48921069b05e586d6b9858522daef936

  • SSDEEP

    49152:7tk00GhygfDixX5iXZeyX1umXsmu85Bs1YD:7600Gwgf2xXkJdX1umdu8zEYD

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks