General
Target: file.exe
Size: 2.7MB
Sample: 241117-lwmnaawpbs
MD5: d5a097e2c5b55b7ca6b22bf9fd96d717
SHA1: aee08c0ddef01c56a826a2faee6e1b544bef85e7
SHA256: d4a10b84c304e33fd95eb3b82c870247fb4ab107ef67acad177c5f4b16222c48
SHA512: 34ce0e3884b6373c791af89af1033fa0606553616222bfd7f37996d3084a1a4c11da4ece56db3b74421fcc24277dc94c48921069b05e586d6b9858522daef936
SSDEEP: 49152:7tk00GhygfDixX5iXZeyX1umXsmu85Bs1YD:7600Gwgf2xXkJdX1umdu8zEYD
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: file.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses: 2
Disable or Modify Tools: 2
Modify Registry: 2
Virtualization/Sandbox Evasion: 2