General
-
Target
afcc403016c3fbbb10e732010bbc93854c1e1be63df48c91901acd7e05aa0e2c
-
Size
2.6MB
-
Sample
241120-mpp1hazpap
-
MD5
333b260426a661dcadd5c016ab149ecb
-
SHA1
0f87cec4227cf24cdea86a82b632d45488875e77
-
SHA256
afcc403016c3fbbb10e732010bbc93854c1e1be63df48c91901acd7e05aa0e2c
-
SHA512
9e53484a98183723e63359ea714dea7b48d0ef43ae26a426fb0889dc1320b3b57f3876546ed4c49284cc79ab52f0b240954eb16b8be3ca392570d7010872b458
-
SSDEEP
49152:6jb3j1kXfkYRoRPxTUo+Fe59czFy0VuKxtTGMcq34r:6nj1kPkYRodxTUoWU9j0oKzTvY
Malware Config
Targets
-
-
Target
afcc403016c3fbbb10e732010bbc93854c1e1be63df48c91901acd7e05aa0e2c
-
Size
2.6MB
-
MD5
333b260426a661dcadd5c016ab149ecb
-
SHA1
0f87cec4227cf24cdea86a82b632d45488875e77
-
SHA256
afcc403016c3fbbb10e732010bbc93854c1e1be63df48c91901acd7e05aa0e2c
-
SHA512
9e53484a98183723e63359ea714dea7b48d0ef43ae26a426fb0889dc1320b3b57f3876546ed4c49284cc79ab52f0b240954eb16b8be3ca392570d7010872b458
-
SSDEEP
49152:6jb3j1kXfkYRoRPxTUo+Fe59czFy0VuKxtTGMcq34r:6nj1kPkYRodxTUoWU9j0oKzTvY
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2