General
-
Target
25afb1fdb7cee01a4da36040c83ef68161dd4416c869cbdbe29846c58e8bc255.exe
-
Size
2.7MB
-
Sample
241120-nwry4s1kck
-
MD5
78aa3692bf925c1480871bd2ff02d271
-
SHA1
a08112e41947c6d66c69c61dda191e929dc85563
-
SHA256
25afb1fdb7cee01a4da36040c83ef68161dd4416c869cbdbe29846c58e8bc255
-
SHA512
f75172a89e706a99eda5871ada29313417a6133b6596f0f1f36b37fef1f463e2262c83408647e7c6248d51f10b1d93ceb65a36764de8edb38187f675dbb9c22d
-
SSDEEP
49152:88djkPCCtcW0Gkp/rw0Az0Vh1fQ2fSkOd:88dAPCCGWhyTw0Az0Vh1I2qka
Malware Config
Targets
-
-
Target
25afb1fdb7cee01a4da36040c83ef68161dd4416c869cbdbe29846c58e8bc255.exe
-
Size
2.7MB
-
MD5
78aa3692bf925c1480871bd2ff02d271
-
SHA1
a08112e41947c6d66c69c61dda191e929dc85563
-
SHA256
25afb1fdb7cee01a4da36040c83ef68161dd4416c869cbdbe29846c58e8bc255
-
SHA512
f75172a89e706a99eda5871ada29313417a6133b6596f0f1f36b37fef1f463e2262c83408647e7c6248d51f10b1d93ceb65a36764de8edb38187f675dbb9c22d
-
SSDEEP
49152:88djkPCCtcW0Gkp/rw0Az0Vh1fQ2fSkOd:88dAPCCGWhyTw0Az0Vh1I2qka
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2