97f216d9df691a78013f987310e83b8ac9ecf4417c394bb5d5c2b409cb31b40a | Triage

Sharing

General

Target

97f216d9df691a78013f987310e83b8ac9ecf4417c394bb5d5c2b409cb31b40aN.exe
Size

3.0MB
Sample

241119-p36lhswcpc
MD5

20d4c354d590014af968710370b93540
SHA1

fe0f96e8455479fc316d1c9542843ed6c78ab855
SHA256

97f216d9df691a78013f987310e83b8ac9ecf4417c394bb5d5c2b409cb31b40a
SHA512

d16533887c460557464783d06ec9c4985675cdfa5f8e6ffe1df687738ee0ac4b5c9836a692bbc9543877ee8e0445739cd09afae58f005a8cb5aa46b816e227e0
SSDEEP

49152:q5rbCJGYR3ea0e5najb1DtoWOpui8mJ6CnEvuE:qlgea0e5nyb1Dtogi8mJ6CnJ

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  97f216d9df691a78013f987310e83b8ac9ecf4417c394bb5d5c2b409cb31b40aN.exe
- Size
  
  3.0MB
- MD5
  
  20d4c354d590014af968710370b93540
- SHA1
  
  fe0f96e8455479fc316d1c9542843ed6c78ab855
- SHA256
  
  97f216d9df691a78013f987310e83b8ac9ecf4417c394bb5d5c2b409cb31b40a
- SHA512
  
  d16533887c460557464783d06ec9c4985675cdfa5f8e6ffe1df687738ee0ac4b5c9836a692bbc9543877ee8e0445739cd09afae58f005a8cb5aa46b816e227e0
- SSDEEP
  
  49152:q5rbCJGYR3ea0e5najb1DtoWOpui8mJ6CnEvuE:qlgea0e5nyb1Dtogi8mJ6CnJ
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion