General

  • Target

    file.exe

  • Size

    2.6MB

  • Sample

    241120-2zh29szmal

  • MD5

    4f81adb16188c2402a2ce07599fa12b3

  • SHA1

    9bc9bbb584dc4014a251e6154bbd90764b3ad451

  • SHA256

    cc864ee54e24e3e2f32fdeec90bb34153f09919ab506b8278ff4d75b84a772f2

  • SHA512

    b71772134011ae45963fab31eac87603df3770cb9e84089d2b0ea0b3d5606004a396e496bd79875285421023e837ee489abcb1896b89c5a56d0200a99ca2ad38

  • SSDEEP

    49152:oXo2ZQdoOIDnQawjl/r3vxJDY6svLmaZ:oXo2ZQd3IzQ/jl/r3rstnZ

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.6MB

    • MD5

      4f81adb16188c2402a2ce07599fa12b3

    • SHA1

      9bc9bbb584dc4014a251e6154bbd90764b3ad451

    • SHA256

      cc864ee54e24e3e2f32fdeec90bb34153f09919ab506b8278ff4d75b84a772f2

    • SHA512

      b71772134011ae45963fab31eac87603df3770cb9e84089d2b0ea0b3d5606004a396e496bd79875285421023e837ee489abcb1896b89c5a56d0200a99ca2ad38

    • SSDEEP

      49152:oXo2ZQdoOIDnQawjl/r3vxJDY6svLmaZ:oXo2ZQd3IzQ/jl/r3rstnZ

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks