db57e25d6895732ebfc5346e0bf6f9f982cb0bda151b29d628c2088358073b6b | Triage

Sharing

General

Target

db57e25d6895732ebfc5346e0bf6f9f982cb0bda151b29d628c2088358073b6b.exe
Size

2.6MB
Sample

241120-qjbgpsxapb
MD5

cab25357167e86d43912edd2c1873459
SHA1

7af5c01c50be314e7204856b5cffe35f08252186
SHA256

db57e25d6895732ebfc5346e0bf6f9f982cb0bda151b29d628c2088358073b6b
SHA512

2dd9352f7fc33b7844d28249d89d7810a02558e0afef97c06e007177e84482f51311fecd02064c372f0f385f8ed2e59ac1d7a4a08a9e19e5da0b3786e5dbf22b
SSDEEP

24576:uleovH9YPFf0JECMii1+kOvEi9Bc30cE52I+f8B30JseNZ7idRKqPnsIOwoqOxWx:K9HS+tNO/OaqXuqOof9IU

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  db57e25d6895732ebfc5346e0bf6f9f982cb0bda151b29d628c2088358073b6b.exe
- Size
  
  2.6MB
- MD5
  
  cab25357167e86d43912edd2c1873459
- SHA1
  
  7af5c01c50be314e7204856b5cffe35f08252186
- SHA256
  
  db57e25d6895732ebfc5346e0bf6f9f982cb0bda151b29d628c2088358073b6b
- SHA512
  
  2dd9352f7fc33b7844d28249d89d7810a02558e0afef97c06e007177e84482f51311fecd02064c372f0f385f8ed2e59ac1d7a4a08a9e19e5da0b3786e5dbf22b
- SSDEEP
  
  24576:uleovH9YPFf0JECMii1+kOvEi9Bc30cE52I+f8B30JseNZ7idRKqPnsIOwoqOxWx:K9HS+tNO/OaqXuqOof9IU
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan