General

  • Target

    f1e8cf3de1aea025924dcb35453a560bfb0276f319c8d18b96ae4e60d3518045.exe

  • Size

    4.2MB

  • Sample

    241117-rgs5eawldp

  • MD5

    ee1a8dfe4d670146cab8b89d2ecc7c56

  • SHA1

    5bae91df317305aa0b17afe3f0abac339c2274f1

  • SHA256

    f1e8cf3de1aea025924dcb35453a560bfb0276f319c8d18b96ae4e60d3518045

  • SHA512

    65c181636a2a742d3d7201452fe06e6505306c23700676a52c38509355a9e6212c740542d65e39155fa80cf140ea0100e52547751ab0b2d7a1ad2a3014b713e1

  • SSDEEP

    98304:Ibvvu8rRWL1Z6VGEh20ULqSQgdyUwqi/o5CE5HuSPe577G:cnud19C2l2gdyTcCSdA7

Score
9/10

Targets

    • Target

      f1e8cf3de1aea025924dcb35453a560bfb0276f319c8d18b96ae4e60d3518045.exe

    • Size

      4.2MB

    • MD5

      ee1a8dfe4d670146cab8b89d2ecc7c56

    • SHA1

      5bae91df317305aa0b17afe3f0abac339c2274f1

    • SHA256

      f1e8cf3de1aea025924dcb35453a560bfb0276f319c8d18b96ae4e60d3518045

    • SHA512

      65c181636a2a742d3d7201452fe06e6505306c23700676a52c38509355a9e6212c740542d65e39155fa80cf140ea0100e52547751ab0b2d7a1ad2a3014b713e1

    • SSDEEP

      98304:Ibvvu8rRWL1Z6VGEh20ULqSQgdyUwqi/o5CE5HuSPe577G:cnud19C2l2gdyTcCSdA7

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox stamps its OEM ID into the ACPI tables, which Windows exposes as subkeys under HKLM\HARDWARE\ACPI (for example DSDT\VBOX__); their mere presence reveals the hypervisor.

    • Checks BIOS information in registry

      BIOS vendor and version strings copied into HKLM\HARDWARE\DESCRIPTION\System at boot are commonly read to detect virtualised or sandboxed environments, since they name the hypervisor vendor.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. It is recognisable by the Software\Wine keys it creates.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from reporting debug events to an attached debugger, so breakpoints and exceptions in that thread are no longer delivered to it; legitimate software rarely needs this.
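The three registry-based probes flagged above, re-implemented as an added example (this is not code from the sample or from the sandbox vendor) so a defender can see exactly which keys and values give an analysis VM away and audit their own images. The key paths and value names are the well-known VirtualBox and Wine artifacts; the vendor substring lists, the category names and the two in-memory "registries" are this example's own constructed assumptions. On Windows the same logic runs against the live registry through winreg; elsewhere it runs over the constructed data.

```python
"""Registry-based VM/sandbox probes of the kind the report flags, re-implemented
so the tell-tale keys and values can be inspected and tested offline."""
import sys
from typing import Callable, Dict, List, Optional, Tuple

HKLM = "HKEY_LOCAL_MACHINE"
HKCU = "HKEY_CURRENT_USER"

# A reader takes (hive, subkey path, value name) and returns the value as a
# string, "" when the value name is None and the key merely exists, or None
# when the key/value is absent. Abstracting this lets the logic run off-Windows.
Reader = Callable[[str, str, Optional[str]], Optional[str]]

# (category, hive, subkey, value name or None for key-existence, needles or None)
CHECKS: List[Tuple[str, str, str, Optional[str], Optional[Tuple[str, ...]]]] = [
    # VirtualBox leaves its OEM ID in the ACPI table names exposed by Windows
    ("vbox_acpi", HKLM, r"HARDWARE\ACPI\DSDT\VBOX__", None, None),
    ("vbox_acpi", HKLM, r"HARDWARE\ACPI\FADT\VBOX__", None, None),
    ("vbox_acpi", HKLM, r"HARDWARE\ACPI\RSDT\VBOX__", None, None),
    # BIOS strings copied into the registry at boot name the hypervisor vendor
    # (the needle lists below are this example's heuristics, not the sample's)
    ("bios", HKLM, r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion",
     ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN")),
    ("bios", HKLM, r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion",
     ("VIRTUALBOX", "VMWARE")),
    ("bios", HKLM, r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer",
     ("INNOTEK", "VMWARE", "QEMU")),
    # Wine creates these keys in its per-user and per-machine hives
    ("wine", HKCU, r"Software\Wine", None, None),
    ("wine", HKLM, r"Software\Wine", None, None),
]


def scan(reader: Reader) -> Dict[str, List[str]]:
    """Run every check through `reader`; return hit paths grouped by category."""
    hits: Dict[str, List[str]] = {cat: [] for cat, *_ in CHECKS}
    for cat, hive, subkey, name, needles in CHECKS:
        value = reader(hive, subkey, name)
        if value is None:
            continue                      # key or value absent: no signal
        if name is None:                  # existence of the key alone is the tell
            hits[cat].append(f"{hive}\\{subkey}")
        elif any(n in value.upper() for n in needles):
            hits[cat].append(f"{hive}\\{subkey}\\{name}={value}")
    return hits


def looks_sandboxed(reader: Reader) -> bool:
    """True if any category produced at least one hit."""
    return any(scan(reader).values())


def make_dict_reader(fake: Dict[Tuple[str, str], Dict[str, str]]) -> Reader:
    """Reader over a constructed in-memory registry: {(hive, subkey): {name: value}}."""
    def read(hive: str, subkey: str, name: Optional[str]) -> Optional[str]:
        values = fake.get((hive, subkey))
        if values is None:
            return None
        return "" if name is None else values.get(name)
    return read


def winreg_reader(hive: str, subkey: str, name: Optional[str]) -> Optional[str]:
    """Reader over the live registry (Windows only). REG_MULTI_SZ lists are joined."""
    import winreg  # imported lazily so the module also loads off-Windows
    root = {HKLM: winreg.HKEY_LOCAL_MACHINE, HKCU: winreg.HKEY_CURRENT_USER}[hive]
    try:
        with winreg.OpenKey(root, subkey) as key:
            if name is None:
                return ""
            value, _ = winreg.QueryValueEx(key, name)
    except OSError:
        return None
    return " ".join(map(str, value)) if isinstance(value, list) else str(value)


# Constructed sample data (not taken from the report): a VirtualBox guest and a
# bare-metal laptop, as the relevant keys would look in each.
VBOX_GUEST = {
    (HKLM, r"HARDWARE\ACPI\DSDT\VBOX__"): {},
    (HKLM, r"HARDWARE\DESCRIPTION\System"): {
        "SystemBiosVersion": "VBOX   - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 7.0.14"},
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS"): {"SystemManufacturer": "innotek GmbH"},
}
BARE_METAL = {
    (HKLM, r"HARDWARE\DESCRIPTION\System"): {
        "SystemBiosVersion": "LENOVO - 1480",
        "VideoBiosVersion": "Intel Video BIOS"},
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS"): {"SystemManufacturer": "LENOVO"},
}

if __name__ == "__main__":
    reader = winreg_reader if sys.platform == "win32" else make_dict_reader(VBOX_GUEST)
    for category, paths in scan(reader).items():
        print(f"{category}: {paths or 'no hits'}")
```

Run on an analysis VM, any line other than "no hits" is an artifact the sample above would see; hardening the image means renaming or removing those keys and values (or patching the virtual firmware that produces them), then re-running until every category is clean.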
