General

  • Target

    6be7942114b5247d6f9d21eb732e3b19e4d58e3c59108587ccb77836ef119872

  • Size

    1.7MB

  • Sample

    241117-tf7mhstcnc

  • MD5

    41941fbaf66851ee946b637a86aa23fe

  • SHA1

    1a73b405198e11a99e0676421e97e7726b216868

  • SHA256

    6be7942114b5247d6f9d21eb732e3b19e4d58e3c59108587ccb77836ef119872

  • SHA512

    4c96f94f5c1d9c3de74de6f0fa95f974bc94ec2887dc10c1480cd2057bc6c92c0166f682609a0ab6381b7b31c593b808a7826af0f11d7ccb1fb4381f3f523d74

  • SSDEEP

    24576:Rju6kIDlNYG4J/GQNE0ZNSV3bijlF/5EfBb6U5p3g/Hh7cCpMiWPhDb7jXKuaK4O:R66tDlLseQ/S3mB+bZ5JBfXJ/nGMB

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks