General
- Target: 59005a03ebb5ce00776274f4fc69cc987a97a8cce1887223f89b7919070759e8.exe
- Size: 2.6MB
- Sample: 241119-waarpsymg1
- MD5: 0647ccdfb8e2f030dc47cdc326a175df
- SHA1: d8b7ea843037eed5043d866727f0117a34c4167b
- SHA256: 59005a03ebb5ce00776274f4fc69cc987a97a8cce1887223f89b7919070759e8
- SHA512: 8e027ab7002e93a9a5e1e1a75fb947518f2d430468b89fbb27ec15fc18cb14cd673a928fb051147a731c02e6ba5a1be09206d2e67deeb70d2b99fd98878fdfae
- SSDEEP: 49152:a5oUxxPa+ebAEwGDLjyYs4RDlR4Kd498Q27pJ:KdxxPzebAzGDLjvs4RDlRj4/wpJ
Static task: static1
Behavioral task: behavioral1
- Sample: 59005a03ebb5ce00776274f4fc69cc987a97a8cce1887223f89b7919070759e8.exe
- Resource: win7-20241023-en
Malware Config
Targets
- Target: 59005a03ebb5ce00776274f4fc69cc987a97a8cce1887223f89b7919070759e8.exe (2.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Impair Defenses: Disable or Modify Tools
  - Modify Registry
  - Virtualization/Sandbox Evasion