General
- Target: 848e6669aeea01d40da56b8f286928384730a58691817a6da174c079eded983c.exe
- Size: 2.7MB
- Sample: 241120-wah33szdre
- MD5: dd4189ee996190c23e4688ca5991d6b9
- SHA1: 422a9d81fcf46b1d85839748743d86fa3078f84a
- SHA256: 848e6669aeea01d40da56b8f286928384730a58691817a6da174c079eded983c
- SHA512: b878221c6e0f9282876801c185e29b63124e7adda4248cc930903434b7ebc957aa6bac42cd697c5d2c2e2cf97cc5f6703c6b243e9e528e501417c6920be4af3d
- SSDEEP: 24576:FtzuxeqpyPfqMMLDdGtBJy+NZNosBOlinO6TwFc6RQTJ1zlNYQBeQmduYcPEly68:Ft/X+YhY6k3EWQmLcaYMte1nT8NUl
Static task: static1
Behavioral task: behavioral1
- Sample: 848e6669aeea01d40da56b8f286928384730a58691817a6da174c079eded983c.exe
- Resource: win7-20240708-en
Targets
- Target: 848e6669aeea01d40da56b8f286928384730a58691817a6da174c079eded983c.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)