fb5cf46f0c116844c00117da6dc66c5782d88544aaacddfff305254992254bc0 | Triage

Sharing

General

Target

fb5cf46f0c116844c00117da6dc66c5782d88544aaacddfff305254992254bc0.exe
Size

2.7MB
Sample

241120-kcz9latfjh
MD5

6b35050f1f4e5a9c377137ce1f99238b
SHA1

a561b0bc0ee6e5d0384695dee5ea34b4ef5fc2ca
SHA256

fb5cf46f0c116844c00117da6dc66c5782d88544aaacddfff305254992254bc0
SHA512

614e1522e6d338bee5ff1c917b0a06a496c49455dbbcd2cc854806490364049c931964578ba9d92ea09f6fa59d8dee5fcf0b4c25d1bc9083b5234a34ac5b5d39
SSDEEP

49152:Sb2W7EETruY4lQysvXAtxi92jLYo6EGU0kM7na/nwMN1dYDddGAedDowym:Sb2W7EETrDvys/t0/wMN1dYDbGrX7

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  fb5cf46f0c116844c00117da6dc66c5782d88544aaacddfff305254992254bc0.exe
- Size
  
  2.7MB
- MD5
  
  6b35050f1f4e5a9c377137ce1f99238b
- SHA1
  
  a561b0bc0ee6e5d0384695dee5ea34b4ef5fc2ca
- SHA256
  
  fb5cf46f0c116844c00117da6dc66c5782d88544aaacddfff305254992254bc0
- SHA512
  
  614e1522e6d338bee5ff1c917b0a06a496c49455dbbcd2cc854806490364049c931964578ba9d92ea09f6fa59d8dee5fcf0b4c25d1bc9083b5234a34ac5b5d39
- SSDEEP
  
  49152:Sb2W7EETruY4lQysvXAtxi92jLYo6EGU0kM7na/nwMN1dYDddGAedDowym:Sb2W7EETrDvys/t0/wMN1dYDbGrX7
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan