General
Target: f4ba3d3aa5b64cc496ca3915949d96af6169b71086d113874c874c9e8514f153.exe
Size: 1.8MB
Sample: 241119-xqvx9azfrf
MD5: 58332cf9f8888c47d2d3b0234246df7a
SHA1: 7987313538d50e6c990542e605bcd37a484ae37e
SHA256: f4ba3d3aa5b64cc496ca3915949d96af6169b71086d113874c874c9e8514f153
SHA512: e25646039fa21f47a9b95d083d590e458e779f4f921bfa2617dd047c0e8a589a08eb8084b1f9b3c96264ac8cccea539fe54c9da661544372ff9f25bf2bc2c3c3
SSDEEP: 49152:c2HalqW3kd1zzq+4Xqm44exJz4t51a5zeB3fD:c26kp1/qHq3xlI58G7
Static task: static1
Behavioral task: behavioral1
Sample: f4ba3d3aa5b64cc496ca3915949d96af6169b71086d113874c874c9e8514f153.exe
Resource: win7-20240729-en
Malware Config
Targets
Target: f4ba3d3aa5b64cc496ca3915949d96af6169b71086d113874c874c9e8514f153.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)