General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241120-zpvxzatern
-
MD5
c8d560a50cbad5fde494d20a612f6ded
-
SHA1
f12def7221d1ff25cfdb1d2cf227294f984367be
-
SHA256
4f488b6550e9065ea7334ba1e6942e800241f6b2d71b3b2baf5f4e6ca8a858db
-
SHA512
240346381ff956c284417bae7400be8ff7c9b150cbf9922f2bbd73d80521c5320b37cfae2953a04f3dd6b6e7c800d48d45369bf9efaf0ee89f7d134e297e774f
-
SSDEEP
49152:hzbTAct2a96Z7RcwV21uaYfRzwsbLTSnw:xbTActgZ7RcgPRzwsb6w
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
c8d560a50cbad5fde494d20a612f6ded
-
SHA1
f12def7221d1ff25cfdb1d2cf227294f984367be
-
SHA256
4f488b6550e9065ea7334ba1e6942e800241f6b2d71b3b2baf5f4e6ca8a858db
-
SHA512
240346381ff956c284417bae7400be8ff7c9b150cbf9922f2bbd73d80521c5320b37cfae2953a04f3dd6b6e7c800d48d45369bf9efaf0ee89f7d134e297e774f
-
SSDEEP
49152:hzbTAct2a96Z7RcwV21uaYfRzwsbLTSnw:xbTActgZ7RcgPRzwsb6w
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2