9e4e59704d58914adb5704d1bf136690d9e1689a9a7a2bcaa9d1199e2f6c2d08 | Triage

Sharing

General

Target

9e4e59704d58914adb5704d1bf136690d9e1689a9a7a2bcaa9d1199e2f6c2d08.exe
Size

2.7MB
Sample

241120-dl46kstqhj
MD5

d1f0331a911dcf9632e8fc587c76592b
SHA1

c39154dda8ed4cddf753f7587d7eda57608c0b73
SHA256

9e4e59704d58914adb5704d1bf136690d9e1689a9a7a2bcaa9d1199e2f6c2d08
SHA512

26945803dbe5295fdfa6f45e2b03e507016cd160cf3c5a53925be5e6637779fe20489137df7c36ce3ae6ebe906f729bea8bc74519958d8e70f79297af8537149
SSDEEP

49152:souBU8uhuRsfixeQJl3CV6Q0ay+z/LAgUDEm3p:sZU8uhuq0CV6Iy+z/RUwu

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  9e4e59704d58914adb5704d1bf136690d9e1689a9a7a2bcaa9d1199e2f6c2d08.exe
- Size
  
  2.7MB
- MD5
  
  d1f0331a911dcf9632e8fc587c76592b
- SHA1
  
  c39154dda8ed4cddf753f7587d7eda57608c0b73
- SHA256
  
  9e4e59704d58914adb5704d1bf136690d9e1689a9a7a2bcaa9d1199e2f6c2d08
- SHA512
  
  26945803dbe5295fdfa6f45e2b03e507016cd160cf3c5a53925be5e6637779fe20489137df7c36ce3ae6ebe906f729bea8bc74519958d8e70f79297af8537149
- SSDEEP
  
  49152:souBU8uhuRsfixeQJl3CV6Q0ay+z/LAgUDEm3p:sZU8uhuq0CV6Iy+z/RUwu
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan