General
Target: GJHC9_file.exe
Size: 2.7MB
Sample: 241120-gjv2nsxker
MD5: 42608c1c4df4b800d8223aea5b87afd7
SHA1: f375394361a7d8d2bda4d1a8b2238e5755c98f43
SHA256: 9488ec19ea04184e8fc915f5c47ba299466e995d92291731e3ad699981160ef6
SHA512: 448db9ed7feeb81b374afec2c0e346dcbc7d47189615b9c5f2276829cc9a62ef3a907b1f6a8b603e6644db6fa77db9548b10af240c5cae4609baf7e28e62aca7
SSDEEP: 24576:tXMV6CoP6vvXgNWXd868DXBCoROsn8U7JJBfdeJeJQgumqPnddD0iFxhJjlewiWP:tc4P6HXgkWworddxGrY0leHW2
Static task: static1
Behavioral task: behavioral1
Sample: GJHC9_file.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: GJHC9_file.exe (2.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to the General section above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)