General
-
Target
c668494e665ca83916da9ad84c303e905f4e4831729f970a1fd62540a3fd1eaa.exe
-
Size
2.6MB
-
Sample
241120-qccq7axldt
-
MD5
856f4df2a9ec6b7165dcbc2b20c866e5
-
SHA1
9769dc8d4235f5a80f7b6b8ceeaf167df4df2516
-
SHA256
c668494e665ca83916da9ad84c303e905f4e4831729f970a1fd62540a3fd1eaa
-
SHA512
ecb47d53904fd10dca0f56c686a7626cfc695ae26eea7767d18ea42c272f572c42874503ab70fe624527ca1443a17513b95a985f07b8de6e3031ad38c9e86a73
-
SSDEEP
49152:+G7kiEA2pxJLBRN5TLmUt395ySOGnZpBR0oKvmX4iR:+G7k5A2pxJLvN5T6Uhyn0Zp4yR
Malware Config
Targets
-
-
Target
c668494e665ca83916da9ad84c303e905f4e4831729f970a1fd62540a3fd1eaa.exe
-
Size
2.6MB
-
MD5
856f4df2a9ec6b7165dcbc2b20c866e5
-
SHA1
9769dc8d4235f5a80f7b6b8ceeaf167df4df2516
-
SHA256
c668494e665ca83916da9ad84c303e905f4e4831729f970a1fd62540a3fd1eaa
-
SHA512
ecb47d53904fd10dca0f56c686a7626cfc695ae26eea7767d18ea42c272f572c42874503ab70fe624527ca1443a17513b95a985f07b8de6e3031ad38c9e86a73
-
SSDEEP
49152:+G7kiEA2pxJLBRN5TLmUt395ySOGnZpBR0oKvmX4iR:+G7k5A2pxJLvN5T6Uhyn0Zp4yR
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2