General
Target: ab40068cf3de3a4fd407bd27aece529741d010ba7087ebd6fa6abd537a2fea38.exe
Size: 2.7MB
Sample: 241120-jm1sfaylar
MD5: db3b75d6b53bf0838f3a2d0c4f779fe9
SHA1: 4d408de8732da975266535a74ce6a3c01a554768
SHA256: ab40068cf3de3a4fd407bd27aece529741d010ba7087ebd6fa6abd537a2fea38
SHA512: 765cb01ebc5dd52fac64186a20e81f9ad23ec0dbdc0cf2651db1b1adafc1a6b55cb69a21512d7fdf514422737075c55b3a2714e3ef3273cac8591e2262dc8304
SSDEEP: 49152:gPUnjc3x4ZEjPIUuc+UWf/79w5IcdOpC0MFdhmdYAq:g8njc3xRfDyD9w5LECHhQYX

Static task: static1
Behavioral task: behavioral1
Sample: ab40068cf3de3a4fd407bd27aece529741d010ba7087ebd6fa6abd537a2fea38.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: ab40068cf3de3a4fd407bd27aece529741d010ba7087ebd6fa6abd537a2fea38.exe
Size: 2.7MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)