General
- Target: 236e258f18abfe4703967fa9636815eca37f14fc6b7db3fe28700f10e51e5e6a.exe
- Size: 1.8MB
- Sample: 241119-x7mm7s1blb
- MD5: 2a1b24fe9429c4f2f94f78e065b9d027
- SHA1: 5c4150b3b10414f7692e62813777572e67405a80
- SHA256: 236e258f18abfe4703967fa9636815eca37f14fc6b7db3fe28700f10e51e5e6a
- SHA512: f75c87b40d8fef56827d8752db20016638138434dcb0a4aea9b8292ca8da27f87999cdac4dc9079817a65b84391adc57f4e7793140476e618ff2e2440020a73f
- SSDEEP: 24576:Pm6GS5CiqRymi/8/kCTNXSnUCM0VM5iDxVuLpykrizUEeHaYZgeu/y/7gdegxGtb:PF5C7yITvCI6/KIq6YZv5/Udxctb
Static task: static1
Behavioral task: behavioral1
- Sample: 236e258f18abfe4703967fa9636815eca37f14fc6b7db3fe28700f10e51e5e6a.exe
- Resource: win7-20241023-en
Malware Config
Targets
- Target: 236e258f18abfe4703967fa9636815eca37f14fc6b7db3fe28700f10e51e5e6a.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry 1
Subvert Trust Controls 1
Install Root Certificate 1
Virtualization/Sandbox Evasion 2