General

Target: d75c85cc482e76831346d065ece05c1bdb8d429a34e6f3354ebaba54fd77a03f.exe
Size: 2.7MB
Sample: 241119-xgy9bavnaq
MD5: 98c9f297a3fc0fed53eb96725da46086
SHA1: 624dc0cb56dd12fed4e66018e1b7fd902916d892
SHA256: d75c85cc482e76831346d065ece05c1bdb8d429a34e6f3354ebaba54fd77a03f
SHA512: ac15e38106149b8a7b9bb5d53a81738db31a8fe38d5a11cbf0811d6eecfb102751948a8d45ea36eceac9a8e2e9efa1c51135bf2b5a6164af3a4853174538fde9
SSDEEP: 49152:epHXZoK9QVOZWDCErw/VrVfW7THifJMtRltwZ:epHXZtOVOZWVrwNpW7TCxse
Static task: static1
Behavioral task: behavioral1
Sample: d75c85cc482e76831346d065ece05c1bdb8d429a34e6f3354ebaba54fd77a03f.exe
Resource: win7-20240903-en
Malware Config
No extracted configuration is listed for this sample.

Targets
Target: d75c85cc482e76831346d065ece05c1bdb8d429a34e6f3354ebaba54fd77a03f.exe (2.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Windows mirrors the firmware ACPI tables under HKLM\HARDWARE\ACPI; in a VirtualBox guest those subkeys carry the VBOX__ OEM identifier, so reading them is a common virtual-machine check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, so breakpoints and exceptions in that thread terminate the process instead of pausing in the debugger. This is a classic anti-debugging technique and, together with the three registry checks above, indicates the sample tries to detect analysis environments before running its payload.
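The three registry-based checks above are exactly what a sandbox derives from its registry-access trace. The Python below is an added example, not the sandbox's own signature code and not derived from this sample's trace (the report does not show the trace): it scans a constructed, tab-separated "OPERATION<TAB>path" trace for the well-known locations that public anti-VM checks read (the VBOX__ ACPI subkeys, the BIOS values under HARDWARE\DESCRIPTION\System, and the Wine keys) and maps each hit to ATT&CK T1497.001 (Virtualization/Sandbox Evasion: System Checks). The trace format, the key patterns and every sample line are assumptions made for the example.

```python
"""Flag anti-VM / anti-sandbox registry probes in a sandbox registry trace (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Registry locations read by public anti-VM checks (e.g. pafish, al-khaser).
# These are generic indicators, not paths recovered from this sample's own trace.
INDICATORS = [
    (re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
     "Identifies VirtualBox via ACPI registry values", "T1497.001"),
    (re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I),
     "Checks BIOS information in registry", "T1497.001"),
    (re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I),
     "Identifies Wine through registry keys", "T1497.001"),
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    operation: str
    path: str
    signature: str
    technique: str


def parse_line(line: str) -> Optional[tuple[str, str]]:
    """Split one trace line into (operation, full registry path).

    Assumed trace format: 'OPERATION<TAB>HIVE\\key[\\value]'. Blank or malformed
    lines yield None so a truncated trace does not abort the whole scan.
    """
    parts = line.rstrip("\r\n").split("\t", 1)
    if len(parts) != 2 or not parts[0].strip() or not parts[1].strip():
        return None
    return parts[0].strip(), parts[1].strip()


def scan_trace(lines: Iterable[str]) -> list[Hit]:
    """Return one Hit per registry access that matches an anti-analysis indicator."""
    hits: list[Hit] = []
    for line_no, raw in enumerate(lines, 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        operation, path = parsed
        for pattern, signature, technique in INDICATORS:
            if pattern.search(path):  # registry paths are case-insensitive, hence re.I
                hits.append(Hit(line_no, operation, path, signature, technique))
                break  # one signature per access is enough for triage
    return hits


def summarize(hits: list[Hit]) -> dict[str, int]:
    """Count hits per signature, mirroring the per-signature lines of a sandbox report."""
    counts: dict[str, int] = {}
    for hit in hits:
        counts[hit.signature] = counts.get(hit.signature, 0) + 1
    return counts


# Constructed trace: four probes, a near-miss BIOS value and a benign autorun key.
SAMPLE_TRACE = [
    "OPEN_KEY\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "QUERY_VALUE\tHKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
    "QUERY_VALUE\tHKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion",
    "QUERY_VALUE\tHKLM\\HARDWARE\\DESCRIPTION\\System\\Identifier",
    "OPEN_KEY\tHKCU\\Software\\Wine",
    "OPEN_KEY\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "OPEN_KEY\tHKLM\\HARDWARE\\ACPI\\FADT\\VBOX__",
    "malformed line without a tab",
]

if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for hit in found:
        print(f"line {hit.line_no}: {hit.operation} {hit.path} -> {hit.signature} [{hit.technique}]")
    for signature, count in summarize(found).items():
        print(f"{count}x {signature}")
```

Reading these keys is not proof of evasion on its own (inventory tools and installers query BIOS strings too), so in practice the hits are weighted together with other behaviour such as the debugger-hiding call flagged above.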
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (T1562): 2
  - Disable or Modify Tools (T1562.001): 2
- Modify Registry (T1112): 2
- Virtualization/Sandbox Evasion (T1497): 2