General
-
Target
file.exe
-
Size
2.6MB
-
Sample
241120-2zh29szmal
-
MD5
4f81adb16188c2402a2ce07599fa12b3
-
SHA1
9bc9bbb584dc4014a251e6154bbd90764b3ad451
-
SHA256
cc864ee54e24e3e2f32fdeec90bb34153f09919ab506b8278ff4d75b84a772f2
-
SHA512
b71772134011ae45963fab31eac87603df3770cb9e84089d2b0ea0b3d5606004a396e496bd79875285421023e837ee489abcb1896b89c5a56d0200a99ca2ad38
-
SSDEEP
49152:oXo2ZQdoOIDnQawjl/r3vxJDY6svLmaZ:oXo2ZQd3IzQ/jl/r3rstnZ
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.6MB
-
MD5
4f81adb16188c2402a2ce07599fa12b3
-
SHA1
9bc9bbb584dc4014a251e6154bbd90764b3ad451
-
SHA256
cc864ee54e24e3e2f32fdeec90bb34153f09919ab506b8278ff4d75b84a772f2
-
SHA512
b71772134011ae45963fab31eac87603df3770cb9e84089d2b0ea0b3d5606004a396e496bd79875285421023e837ee489abcb1896b89c5a56d0200a99ca2ad38
-
SSDEEP
49152:oXo2ZQdoOIDnQawjl/r3vxJDY6svLmaZ:oXo2ZQd3IzQ/jl/r3rstnZ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2