Overview

overview

9

Static

static

3

d36076dd52...3d.exe

windows7-x64

9

d36076dd52...3d.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d36076dd526cd4c8de395325c2874f97fd43ca1e4159ccae0fe4178df3c3443d.exe

  • Size

    1.7MB

  • Sample

    241119-xe5y3szejf

  • MD5

    b6ef4ea12a5294d7a0de521f5b8635b4

  • SHA1

    97dd62a087b83c6e82c35e9244ab414c591c0f5d

  • SHA256

    d36076dd526cd4c8de395325c2874f97fd43ca1e4159ccae0fe4178df3c3443d

  • SHA512

    10939f5004b2bee8ae29e81aee1f0ea55ab803e143e6db1e7bfab3c8d88f2d1504f78bb965eb4a442d98df6468886cf2522fdda2fa027ea34562e83f367e9cd2

  • SSDEEP

    49152:wSqPi0OwInKWlSWIyLtu2ykX6Fd/MfKdYhulGI:wSqPi0O3KJWIy27n/MfEmuP

Score
9/10
discoveryevasion

Malware Config

Targets

    • Target

      d36076dd526cd4c8de395325c2874f97fd43ca1e4159ccae0fe4178df3c3443d.exe

    • Size

      1.7MB

    • MD5

      b6ef4ea12a5294d7a0de521f5b8635b4

    • SHA1

      97dd62a087b83c6e82c35e9244ab414c591c0f5d

    • SHA256

      d36076dd526cd4c8de395325c2874f97fd43ca1e4159ccae0fe4178df3c3443d

    • SHA512

      10939f5004b2bee8ae29e81aee1f0ea55ab803e143e6db1e7bfab3c8d88f2d1504f78bb965eb4a442d98df6468886cf2522fdda2fa027ea34562e83f367e9cd2

    • SSDEEP

      49152:wSqPi0OwInKWlSWIyLtu2ykX6Fd/MfKdYhulGI:wSqPi0O3KJWIy27n/MfEmuP

    Score
    9/10
    discoveryevasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks