General

  • Target

    file.exe

  • Size

    2.6MB

  • Sample

    241120-yt5gjasanh

  • MD5

    64fae8982e9943f1f140dd0656989812

  • SHA1

    1b140805481dbef455b41d174e11766e23670185

  • SHA256

    4e32b7750d935b1eb8acdeaeb9c701e7a9b390be3c37db6769d520c000b66d42

  • SHA512

    0a84271da4550930f5b75a0331d9c7cdc74bfda37e6e6efe2b1dde2b9d41fe990b9d3d87e583089e5c07cc88457a7668a50bd9c26101f19347472170f61b5c79

  • SSDEEP

    49152:t4ti6sIgjJXr0oeCrWyPjaoVtOQ94mn+GeG:t4t3sLjJXwoxSyPjaoVtP99+GZ

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.6MB

    • MD5

      64fae8982e9943f1f140dd0656989812

    • SHA1

      1b140805481dbef455b41d174e11766e23670185

    • SHA256

      4e32b7750d935b1eb8acdeaeb9c701e7a9b390be3c37db6769d520c000b66d42

    • SHA512

      0a84271da4550930f5b75a0331d9c7cdc74bfda37e6e6efe2b1dde2b9d41fe990b9d3d87e583089e5c07cc88457a7668a50bd9c26101f19347472170f61b5c79

    • SSDEEP

      49152:t4ti6sIgjJXr0oeCrWyPjaoVtOQ94mn+GeG:t4t3sLjJXwoxSyPjaoVtP99+GZ

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks