General

  • Target

    file.exe

  • Size

    2.6MB

  • Sample

    241120-16fp2syqem

  • MD5

    4eaf57719a7966e309e186bf63a8f6cc

  • SHA1

    2aabbcec70113e272872957c7858683d05dbd5ab

  • SHA256

    0b6d2c28e5c14e954b58dcbe0ff777de0312abfaf5f463a55fb9fc0f631dc3b0

  • SHA512

    9a6c3c9cd8c863ea13fbe163e5601cddb7aa813e0165e4e95f3aa6791a5562ca406198b64818a07852b0412ce798fef910c7ad026ce73d359f75539225fc01c1

  • SSDEEP

    49152:o4DSTMFQcnj/pkLzJBs9q1qIBKO1rsdN0L63t4l:o4DSTMFQcnjqnJm9q1qIs+rsdq0Sl

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.6MB

    • MD5

      4eaf57719a7966e309e186bf63a8f6cc

    • SHA1

      2aabbcec70113e272872957c7858683d05dbd5ab

    • SHA256

      0b6d2c28e5c14e954b58dcbe0ff777de0312abfaf5f463a55fb9fc0f631dc3b0

    • SHA512

      9a6c3c9cd8c863ea13fbe163e5601cddb7aa813e0165e4e95f3aa6791a5562ca406198b64818a07852b0412ce798fef910c7ad026ce73d359f75539225fc01c1

    • SSDEEP

      49152:o4DSTMFQcnj/pkLzJBs9q1qIBKO1rsdN0L63t4l:o4DSTMFQcnjqnJm9q1qIs+rsdq0Sl

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks