General
-
Target
46c49c5cec04ab651724cdcfc1063224fafee62c8f6016bcb663b78d7c918601.exe
-
Size
1.8MB
-
Sample
241119-ydlpgswlbk
-
MD5
6da37fc2d9f8b000ea01bdb0815082ca
-
SHA1
f24ebba567d899374bb93b1bdfe4d81b91dd5efe
-
SHA256
46c49c5cec04ab651724cdcfc1063224fafee62c8f6016bcb663b78d7c918601
-
SHA512
0cb0d802c01963122c077e170534efd10ce5ec17c2c2d6529847c44cd42b78e97d8dfc0ef7f8b46693c80d158bae59b23efbaf2fccaabb4b878310c3c2e9ab6b
-
SSDEEP
49152:umkNJuWA4Hf1J4+y+RxHgEIQZFKgdTm6x9PkZ3I:umkN9ZHf1hyQxHgEltdbjI4
Malware Config
Targets
-
-
Target
46c49c5cec04ab651724cdcfc1063224fafee62c8f6016bcb663b78d7c918601.exe
-
Size
1.8MB
-
MD5
6da37fc2d9f8b000ea01bdb0815082ca
-
SHA1
f24ebba567d899374bb93b1bdfe4d81b91dd5efe
-
SHA256
46c49c5cec04ab651724cdcfc1063224fafee62c8f6016bcb663b78d7c918601
-
SHA512
0cb0d802c01963122c077e170534efd10ce5ec17c2c2d6529847c44cd42b78e97d8dfc0ef7f8b46693c80d158bae59b23efbaf2fccaabb4b878310c3c2e9ab6b
-
SSDEEP
49152:umkNJuWA4Hf1J4+y+RxHgEIQZFKgdTm6x9PkZ3I:umkN9ZHf1hyQxHgEltdbjI4
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2