General
-
Target
e8b01bcbbcd754dfd9f6ec262fa5a47567764141f1684731b02209e56850a39b.exe
-
Size
2.7MB
-
Sample
241120-d9c21avmdl
-
MD5
b3517ef5cd9dc889a546b165b51d823e
-
SHA1
86adda45e916e60ab18dc494064449f427801132
-
SHA256
e8b01bcbbcd754dfd9f6ec262fa5a47567764141f1684731b02209e56850a39b
-
SHA512
d7e92de744e5eca583692961dd6466370a9dbc4cb4e9611b5048d1d4a25bebeef06e87b00543edf5fc1d210ed654eb549c16a38dd3c8d00c358dae968b0767b9
-
SSDEEP
49152:fgDG1aUIp2WI5IakCfb3JrtJtS+sA9U8ifk0hmHBf:oDG1aUIp2WI5IakCfb3htJtRsA9ofkAw
Malware Config
Targets
-
-
Target
e8b01bcbbcd754dfd9f6ec262fa5a47567764141f1684731b02209e56850a39b.exe
-
Size
2.7MB
-
MD5
b3517ef5cd9dc889a546b165b51d823e
-
SHA1
86adda45e916e60ab18dc494064449f427801132
-
SHA256
e8b01bcbbcd754dfd9f6ec262fa5a47567764141f1684731b02209e56850a39b
-
SHA512
d7e92de744e5eca583692961dd6466370a9dbc4cb4e9611b5048d1d4a25bebeef06e87b00543edf5fc1d210ed654eb549c16a38dd3c8d00c358dae968b0767b9
-
SSDEEP
49152:fgDG1aUIp2WI5IakCfb3JrtJtS+sA9U8ifk0hmHBf:oDG1aUIp2WI5IakCfb3htJtRsA9ofkAw
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2