General
- Target: file.exe
- Size: 2.6MB
- Sample: 241117-s9b72axpaq
- MD5: 8ae048be65ef4f7e0bb62f4376624250
- SHA1: 0be9d4a59a9948d88093aea6cf21573e7483c701
- SHA256: edcd24c6c8cb8561fea63e3f7be938f96b55408e284caaac9c00da0deeb63417
- SHA512: 07488987b1ea8128621cb75f8b923581a12e697569edf5b50e84b7d06b3459f2399f29f5a769dc05a300868b2a920c9ebd45435d04c22616fad20c3c7093b379
- SSDEEP: 49152:GhScm0fYq6vxPnKAE+qRHOKqITgSGhM/rdIwt:sScm0fN6vxPKXd5OSUx6/rd

Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)