General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241117-rkca3a1kg1

  • MD5

    0255e4488ab4cbe25f1a9a43d47d251b

  • SHA1

    52246c3188a362fd122b9ff32594400a547f20bd

  • SHA256

    bdfad8af9f3ac8abac993303d124a93f823a10d4e3444be73230b691251d6e58

  • SHA512

    b5e447122126197d1e5cd6ace5fd9d95739df5805b452a58a8cacedf7ac73ac10abec01cc9c3e9fc43cbf8b5c3e3f11cc5dc8abc70ba90195594226de7617862

  • SSDEEP

    24576:YV1g328isJARDjjEw0LipQO6P3ODTTb01XZ/CJ3W4sbQ+xl0tz0EFb4:YV1GosgE0V6WDj0vCJGnQil0Z0q

Score
9/10

Malware Config

Targets

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks