General
-
Target
db7dbb4fe5bea23e6b11448ddf77229911a59dd4d5020376e2fae01c990e12a8.exe
-
Size
2.6MB
-
Sample
241120-qjl87sxapg
-
MD5
0a33581c9af53882ca12bf14c8367d82
-
SHA1
2755810b493b80e4730419843db66b83c2dea1ff
-
SHA256
db7dbb4fe5bea23e6b11448ddf77229911a59dd4d5020376e2fae01c990e12a8
-
SHA512
9821613c4e05d888bed6e3c99df57dd1d3abb7aca68411f764c7696cea893550fe4a4d2ff01527565e65737818a2ea4f4024611b065fddb161655c51816d7c04
-
SSDEEP
49152:w/7JY+iFBWvyMKPguzupyVjtsxGR3l1ME3wD3:wza+iFBWaMKPGYjmxGR37DwD3
Malware Config
Targets
-
-
Target
db7dbb4fe5bea23e6b11448ddf77229911a59dd4d5020376e2fae01c990e12a8.exe
-
Size
2.6MB
-
MD5
0a33581c9af53882ca12bf14c8367d82
-
SHA1
2755810b493b80e4730419843db66b83c2dea1ff
-
SHA256
db7dbb4fe5bea23e6b11448ddf77229911a59dd4d5020376e2fae01c990e12a8
-
SHA512
9821613c4e05d888bed6e3c99df57dd1d3abb7aca68411f764c7696cea893550fe4a4d2ff01527565e65737818a2ea4f4024611b065fddb161655c51816d7c04
-
SSDEEP
49152:w/7JY+iFBWvyMKPguzupyVjtsxGR3l1ME3wD3:wza+iFBWaMKPGYjmxGR37DwD3
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2