General
-
Target
b49fb8057d485183e817fe73aad719d5fa8d206fcfed93e4d71bf5aa1adac51a.exe
-
Size
2.7MB
-
Sample
241119-w1gb6szcjh
-
MD5
1b2aa6cb19727b3d1fa0b7b4b11a42bf
-
SHA1
14e5bd6e19e6362da6a85179b94db0db8e57fc2c
-
SHA256
b49fb8057d485183e817fe73aad719d5fa8d206fcfed93e4d71bf5aa1adac51a
-
SHA512
f1cefac5314dec2554c46ec451c237a390d6d72f63f2546e582a5876910b79491304aab8c9ee1fa6577038a6da51cb1d9546568cde9d8b445b2262ae9e96fb62
-
SSDEEP
49152:PvLiuj0Lhz3LnAoNR8Kr6PDjFpypLzDVm9HOE/h:Pmuj0Lhz3LTqjKpvDVm9HOE/h
Malware Config
Targets
-
-
Target
b49fb8057d485183e817fe73aad719d5fa8d206fcfed93e4d71bf5aa1adac51a.exe
-
Size
2.7MB
-
MD5
1b2aa6cb19727b3d1fa0b7b4b11a42bf
-
SHA1
14e5bd6e19e6362da6a85179b94db0db8e57fc2c
-
SHA256
b49fb8057d485183e817fe73aad719d5fa8d206fcfed93e4d71bf5aa1adac51a
-
SHA512
f1cefac5314dec2554c46ec451c237a390d6d72f63f2546e582a5876910b79491304aab8c9ee1fa6577038a6da51cb1d9546568cde9d8b445b2262ae9e96fb62
-
SSDEEP
49152:PvLiuj0Lhz3LnAoNR8Kr6PDjFpypLzDVm9HOE/h:Pmuj0Lhz3LTqjKpvDVm9HOE/h
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2