7d3656a65354e10792063a3ebb9e09aa322944131ac13d7e6fde8b08c73b9b40 | Triage

Sharing

General

Target

7d3656a65354e10792063a3ebb9e09aa322944131ac13d7e6fde8b08c73b9b40.exe
Size

2.6MB
Sample

241119-wjtwyazelk
MD5

59d52918f0f9c24af6de75b6f6b0c2e8
SHA1

d2da089798a3d9b514354c91a914ce6f29d58c64
SHA256

7d3656a65354e10792063a3ebb9e09aa322944131ac13d7e6fde8b08c73b9b40
SHA512

0ba94ea0296c7bfc7e77fcea1732a8733f59492daf572ab27001eed2ba602eafac0f90297d4dc6b1dc8c4465630d376883877ceaf8554e31f961119e077b7ab3
SSDEEP

49152:Ik0lKl84k7tEHfcdddY1RiawhlPHPYLShKh1bryZ2ezpMY:Ik0lKlfk7tEHfKddY176lHPZKrytMY

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  7d3656a65354e10792063a3ebb9e09aa322944131ac13d7e6fde8b08c73b9b40.exe
- Size
  
  2.6MB
- MD5
  
  59d52918f0f9c24af6de75b6f6b0c2e8
- SHA1
  
  d2da089798a3d9b514354c91a914ce6f29d58c64
- SHA256
  
  7d3656a65354e10792063a3ebb9e09aa322944131ac13d7e6fde8b08c73b9b40
- SHA512
  
  0ba94ea0296c7bfc7e77fcea1732a8733f59492daf572ab27001eed2ba602eafac0f90297d4dc6b1dc8c4465630d376883877ceaf8554e31f961119e077b7ab3
- SSDEEP
  
  49152:Ik0lKl84k7tEHfcdddY1RiawhlPHPYLShKh1bryZ2ezpMY:Ik0lKlfk7tEHfKddY176lHPZKrytMY
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan