General
Target: 69e094cea726cdd56f9f45dcb02afd4a3b63847b57e4a5453f740475a0c42085
Size: 2.7MB
Sample: 241120-mxymlswjey
MD5: ac2487270efa68d400f82a40fdea98c7
SHA1: 088126b5b7ba3fb367dae80b0ebefa8d0c4f9f27
SHA256: 69e094cea726cdd56f9f45dcb02afd4a3b63847b57e4a5453f740475a0c42085
SHA512: b28805f48e90c3aa8c59e3c8ecd0003681d0efec41ae5746e08615026918bf1b6e2e1d572a3b9000a83d3f95497f82876d023fd89c8412a5e42376100da513a6
SSDEEP: 49152:3ORJEbcYTceHmUPbc7d1+6P4h3hsSg3bX9:3OYIYTcg7Dc7dY6wdWSgr
Static task: static1
Behavioral task: behavioral1
Sample: 69e094cea726cdd56f9f45dcb02afd4a3b63847b57e4a5453f740475a0c42085.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: 69e094cea726cdd56f9f45dcb02afd4a3b63847b57e4a5453f740475a0c42085
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses (2)
Disable or Modify Tools (2)
Modify Registry (2)
Virtualization/Sandbox Evasion (2)