General

  • Target

    d101a3ab758fbdd7964bdfe3fc4261628f096468597b4dff9027a60d13c951b3

  • Size

    3.0MB

  • Sample

    241117-rk8n9s1hlc

  • MD5

    5a374b51d43cf807c59a3ef6b92bbe81

  • SHA1

    ced44019acd1464610cfa2329abd1d439407b431

  • SHA256

    d101a3ab758fbdd7964bdfe3fc4261628f096468597b4dff9027a60d13c951b3

  • SHA512

    527e6f07f07ca2cbd34cd3eb9363a5ea3ccf732777b728d765ddaf11db400984bb62c90611c5f11b96f638166013eabbc7d3144991b78ac709ba466ac54e3ef0

  • SSDEEP

    98304:ZJ/1P1Y/JjHKjgL5dmYk/PwlO09DgLCQ+0:ZJ/1AJk/Pdm

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks