General

Target: 728e79c57720e664221be480952f65e2b2e1c1958395aa7b557f9f2bc8bfd9b7.exe
Size: 2.7MB
Sample: 241119-wg1lpszdrm
MD5: 752d65cf7d8ee23bd646eba685db801d
SHA1: 5716d1ddac721fedffe9cc5966267b982e7f88d4
SHA256: 728e79c57720e664221be480952f65e2b2e1c1958395aa7b557f9f2bc8bfd9b7
SHA512: 6b2760c09d04b1c94307f4c24f6abec3b37342eeab1f5c1be87cfad14f42d747f9a374d7886714725fc32e3251098cdbc763e73abd751f0e8b33a0f5f1d82c2a
SSDEEP: 49152:klrC0Mw3RxtSCM9U8oE122jNpUXbuC06MM:klrrDhxtK82v/k
Static task: static1
Behavioral task: behavioral1
Sample: 728e79c57720e664221be480952f65e2b2e1c1958395aa7b557f9f2bc8bfd9b7.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 728e79c57720e664221be480952f65e2b2e1c1958395aa7b557f9f2bc8bfd9b7.exe
Size: 2.7MB
MD5: 752d65cf7d8ee23bd646eba685db801d
SHA1: 5716d1ddac721fedffe9cc5966267b982e7f88d4
SHA256: 728e79c57720e664221be480952f65e2b2e1c1958395aa7b557f9f2bc8bfd9b7
SHA512: 6b2760c09d04b1c94307f4c24f6abec3b37342eeab1f5c1be87cfad14f42d747f9a374d7886714725fc32e3251098cdbc763e73abd751f0e8b33a0f5f1d82c2a
SSDEEP: 49152:klrC0Mw3RxtSCM9U8oE122jNpUXbuC06MM:klrrDhxtK82v/k
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox guests expose ACPI tables under HKLM\HARDWARE\ACPI whose names carry the VBOX__ OEM ID; a sample that opens those keys is checking whether it is running inside VirtualBox.
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger. ThreadHideFromDebugger (thread information class 0x11) passed to NtSetInformationThread stops an attached debugger from receiving events for that thread; it has no legitimate use in ordinary application code and is a standard anti-debugging trick.
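The four signatures above are the anti-analysis probes this sample makes before it decides whether to run. The Python below is an added example, not part of this report and not the sandbox's own detection logic: it flags those probes in a registry/API event log. The pipe-separated event format, the sample events and the signature names attached to each rule are assumptions made for this example; the registry paths (the VBOX__ ACPI tables under HKLM\HARDWARE\ACPI, the BIOS values under HKLM\HARDWARE\DESCRIPTION\System, the Software\Wine keys) and the ThreadHideFromDebugger class value 0x11 are the standard ones.

```python
import re
from collections import Counter
from dataclasses import dataclass

# THREADINFOCLASS value for ThreadHideFromDebugger. Passing it to
# NtSetInformationThread makes the calling thread invisible to an attached
# debugger (no further debug events for it), which is why its use is flagged.
THREAD_HIDE_FROM_DEBUGGER = 0x11


@dataclass(frozen=True)
class Rule:
    signature: str       # name as reported on this page
    kind: str            # coarse class used for the summary (assumed labels)
    pattern: re.Pattern  # matched against the registry path


# Registry probes behind the three registry-based signatures.
REGISTRY_RULES = [
    Rule("Identifies VirtualBox via ACPI registry values", "anti-vm",
         re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    Rule("Checks BIOS information in registry", "anti-sandbox",
         re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                    r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    Rule("Identifies Wine through registry keys", "anti-sandbox",
         re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I)),
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    signature: str
    kind: str
    evidence: str


def _parse_int(text):
    """Accept 0x11 or 17; int(x, 0) would reject a value such as '09'."""
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def scan(lines):
    """Return one Finding per event that matches an anti-analysis rule.

    Event format (constructed for this example): op|argument|result
    """
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # malformed event; a real pipeline would log it
        op, arg, result = parts
        evidence = f"{op} {arg} -> {result}"
        if op.startswith("Reg"):
            # The result is deliberately ignored: on a physical host the
            # VBOX__ key does not exist, so NAME NOT FOUND is exactly what
            # the sample is looking for. The probe itself is the indicator.
            for rule in REGISTRY_RULES:
                if rule.pattern.search(arg):
                    findings.append(Finding(n, rule.signature, rule.kind, evidence))
        elif op == "NtSetInformationThread":
            m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
            if m and _parse_int(m.group(1)) == THREAD_HIDE_FROM_DEBUGGER:
                findings.append(Finding(
                    n, "Suspicious use of NtSetInformationThreadHideFromDebugger",
                    "anti-debug", evidence))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'anti-vm': 1, 'anti-sandbox': 2, ...}."""
    return Counter(f.kind for f in findings)


# Constructed sample log; not output from the sandbox run on this page.
SAMPLE_LOG = [
    r"RegOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__|NAME NOT FOUND",
    r"RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion|SUCCESS",
    r"RegOpenKey|HKCU\Software\Wine|NAME NOT FOUND",
    r"RegOpenKey|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SUCCESS",  # benign
    r"NtSetInformationThread|ThreadInformationClass=0x11|STATUS_SUCCESS",
    r"NtSetInformationThread|ThreadInformationClass=0x2|STATUS_SUCCESS",  # ThreadPriority, benign
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.kind}] {f.signature}\n    {f.evidence}")
    print(dict(summarize(scan(SAMPLE_LOG))))
```

Note that the VirtualBox probe is flagged even though the key lookup fails: absence of the VBOX__ table is what the sample expects on real hardware, so a rule that only fires on successful reads would miss the check on any non-VirtualBox analysis host.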
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (T1562): 2
  - Disable or Modify Tools (T1562.001): 2
- Modify Registry (T1112): 2
- Virtualization/Sandbox Evasion (T1497): 2