General
-
Target
007a61f6d9094eb6483efcbcbf380afce6f68a67f93921d4c8112eab52febb36.exe
-
Size
1.8MB
-
Sample
241119-x3ef2a1fpn
-
MD5
f5933f05bf7c3947705f6ab8f8d55be5
-
SHA1
e8eab1d991f26150d4263e090473d6bdda1f06a5
-
SHA256
007a61f6d9094eb6483efcbcbf380afce6f68a67f93921d4c8112eab52febb36
-
SHA512
4b3f67785ebddf633134cd9d6fb77bc7034107dd5feda20093c154c6bb2f81712a1fcb375151d2075278238ae283df2804c7d13a3f2be02c229376cb9d382b87
-
SSDEEP
24576:ZdTL1PtfPwl8LppNG+1aBVw4zvYJNF0ka3+fQEs9s7+Vjz3LCAjdjJHK:ZRJhI+VHGQaBy4zaNqk60QxPjY
Static task
static1
Behavioral task
behavioral1
Sample
007a61f6d9094eb6483efcbcbf380afce6f68a67f93921d4c8112eab52febb36.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
007a61f6d9094eb6483efcbcbf380afce6f68a67f93921d4c8112eab52febb36.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox publishes ACPI tables whose OEM identifier is VBOX__, and Windows exposes them under HKLM\HARDWARE\ACPI; probing for those keys is a common virtual-machine check.
-
Checks BIOS information in registry
BIOS vendor and version strings in the registry are often read to fingerprint virtual machines and sandboxes, whose BIOS identifies the hypervisor rather than a hardware vendor.
-
Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; the Software\Wine registry keys it creates reveal its presence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Setting ThreadHideFromDebugger (THREADINFOCLASS 0x11) on a thread stops the kernel from delivering that thread's debug events to an attached debugger, a common anti-debugging technique.
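The four signatures above can be expressed as simple rules over a behavioural trace. The Python below is an added example, not code from the Triage report or from the sample: it assumes a Procmon/API-monitor style export with one event per line, and the registry paths it matches (the VBOX__ ACPI tables, SystemBiosVersion/VideoBiosVersion, Software\Wine) are the well-known artefacts behind these checks rather than paths taken from this report. The trace it scans is constructed, not captured from this sample.

```python
"""Flag VM/sandbox/debugger probes in a constructed registry + API trace.

Added example, not part of the Triage report or the sample's own code. It
re-derives the four signatures listed in the report as rules over a trace
with one event per line (a Procmon/API-monitor style export is assumed).
Registry paths are the well-known VirtualBox, BIOS and Wine artefacts, not
paths taken from this report.
"""
import re
from collections import Counter

# Rule name -> pattern. Names mirror the report's signature names.
RULES = [
    # VirtualBox ships ACPI tables whose OEM ID is "VBOX__"; Windows exposes them here.
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    # SystemBiosVersion/VideoBiosVersion carry hypervisor vendor strings on most VMs.
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)", re.I)),
    # Wine creates Software\Wine under HKCU/HKLM; a real Windows install has neither.
    ("Identifies Wine through registry keys",
     re.compile(r"\\Software\\Wine\b", re.I)),
    # THREADINFOCLASS 0x11 = ThreadHideFromDebugger: the thread's debug events are dropped.
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     re.compile(r"NtSetInformationThread\(.*ThreadInformationClass=(0x11|17)\b", re.I)),
]


def classify(line: str) -> list[str]:
    """Return the names of every rule the trace line triggers (may be empty)."""
    return [name for name, pattern in RULES if pattern.search(line)]


def scan(lines) -> Counter:
    """Count rule hits over a whole trace.

    A probe counts whether or not the key exists: on a real host the VBOX__
    and Wine keys are absent, and that absence is exactly what the sample is
    testing for, so NOT_FOUND results must not be filtered out.
    """
    hits = Counter()
    for line in lines:
        hits.update(classify(line))
    return hits


# Constructed trace (assumed format), not captured from the sample above.
SAMPLE_TRACE = r"""
RegOpenKeyExW      HKLM\HARDWARE\ACPI\DSDT\VBOX__                         STATUS_OBJECT_NAME_NOT_FOUND
RegQueryValueExW   HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion     SUCCESS
RegQueryValueExW   HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion      SUCCESS
RegOpenKeyExW      HKCU\Software\Wine                                     STATUS_OBJECT_NAME_NOT_FOUND
NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, Buffer=NULL, Length=0)
RegOpenKeyExW      HKCU\Software\Microsoft\Windows\CurrentVersion\Run     SUCCESS
""".strip().splitlines()


if __name__ == "__main__":
    for rule, count in scan(SAMPLE_TRACE).items():
        print(f"{count}x  {rule}")
```

The ordinary Run-key access in the last trace line triggers nothing, which is the point of keeping the rules narrow: the signal is the specific VBOX__, BIOS and Wine paths and the 0x11 information class, not registry or native-API activity in general.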
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (T1112): 1 signature
Subvert Trust Controls (T1553): 1 signature
Install Root Certificate (T1553.004): 1 signature
Virtualization/Sandbox Evasion (T1497): 2 signatures