General
-
Target
8c11e3dc791817741c328118f618d8b119816badf0607159f9be552b56b1f50c.exe
-
Size
2.6MB
-
Sample
241120-pt1nxa1ngm
-
MD5
f290c2e155062b60d5fd3b2d9c73a4a2
-
SHA1
8d674d9118b536dea4a2d806296bae0ec5614bee
-
SHA256
8c11e3dc791817741c328118f618d8b119816badf0607159f9be552b56b1f50c
-
SHA512
542cfdb67fccf67e495fbe3711989bf5cbc99d9a47ba8a9f07e3a79ec382babf7fe2a79a1c16e37503dfa2d5183e2c2b229757e6432cc584a8249b52e4eab740
-
SSDEEP
24576:r4I+kBZ99LSSoIx+plgaYXcUhLnAy/1C3aXOq2L+WzZxBPOzUc5DmgI4K/xF79o3:r4Y998Ix+p5YXcUhn31uRNQG9ufucM2J
Malware Config
Targets
-
-
Target
8c11e3dc791817741c328118f618d8b119816badf0607159f9be552b56b1f50c.exe
-
Size
2.6MB
-
MD5
f290c2e155062b60d5fd3b2d9c73a4a2
-
SHA1
8d674d9118b536dea4a2d806296bae0ec5614bee
-
SHA256
8c11e3dc791817741c328118f618d8b119816badf0607159f9be552b56b1f50c
-
SHA512
542cfdb67fccf67e495fbe3711989bf5cbc99d9a47ba8a9f07e3a79ec382babf7fe2a79a1c16e37503dfa2d5183e2c2b229757e6432cc584a8249b52e4eab740
-
SSDEEP
24576:r4I+kBZ99LSSoIx+plgaYXcUhLnAy/1C3aXOq2L+WzZxBPOzUc5DmgI4K/xF79o3:r4Y998Ix+p5YXcUhn31uRNQG9ufucM2J
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2