Overview

overview

9

Static

static

3

47aa8509d4...63.exe

windows7-x64

9

47aa8509d4...63.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47aa8509d4e98421fbe78409d1be22abb555909d104a48adfe8a0a4cfaede763.exe

  • Size

    1.8MB

  • Sample

    241119-ydxfzs1jht

  • MD5

    8b75694b5a8ed71e1bc91afe26c95634

  • SHA1

    51995a260218793f191fbc1f32ec627645fbf6e5

  • SHA256

    47aa8509d4e98421fbe78409d1be22abb555909d104a48adfe8a0a4cfaede763

  • SHA512

    e5a6999b7b73c953237a83a9d465ee413a0922458f97ff9cb48f85605a48e635db9089edb22d96d03e4a7f4eaef520fbadda2541428bcc2bce0d40c6a764a548

  • SSDEEP

    49152:IckZUr9IFPyZ+Syi7uxeora00vEeCF3oBSsbiM:FkZ16H7kezZvtCOS0

Score
9/10
discoveryevasion

Malware Config

Targets

    • Target

      47aa8509d4e98421fbe78409d1be22abb555909d104a48adfe8a0a4cfaede763.exe

    • Size

      1.8MB

    • MD5

      8b75694b5a8ed71e1bc91afe26c95634

    • SHA1

      51995a260218793f191fbc1f32ec627645fbf6e5

    • SHA256

      47aa8509d4e98421fbe78409d1be22abb555909d104a48adfe8a0a4cfaede763

    • SHA512

      e5a6999b7b73c953237a83a9d465ee413a0922458f97ff9cb48f85605a48e635db9089edb22d96d03e4a7f4eaef520fbadda2541428bcc2bce0d40c6a764a548

    • SSDEEP

      49152:IckZUr9IFPyZ+Syi7uxeora00vEeCF3oBSsbiM:FkZ16H7kezZvtCOS0

    Score
    9/10
    discoveryevasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks