General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241121-259geaznav
-
MD5
280ac654537ec60253b4f6d5a69f35a3
-
SHA1
9c22332d27561cb3eaaafe080170ff9bb7cfc687
-
SHA256
149d0c70a0919ffb52c056120c5e8b14eaf489eee9c9af52d5641273e1eb46e9
-
SHA512
7a679a3f20bdc4aed79175e5a9b1f19a1d0d8c9118e6769f100c0329fb2a98b84ba8413aaf15af62a4edab094334d1d29cfcd2a0f2bfb8d2bcc1a51dc78df3b6
-
SSDEEP
49152:dxDU6ScoDIrIVRXuAJFA0UWksqPjzKioyme6wtZ:fDUdcEIrIVRtURbzKlyW
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
280ac654537ec60253b4f6d5a69f35a3
-
SHA1
9c22332d27561cb3eaaafe080170ff9bb7cfc687
-
SHA256
149d0c70a0919ffb52c056120c5e8b14eaf489eee9c9af52d5641273e1eb46e9
-
SHA512
7a679a3f20bdc4aed79175e5a9b1f19a1d0d8c9118e6769f100c0329fb2a98b84ba8413aaf15af62a4edab094334d1d29cfcd2a0f2bfb8d2bcc1a51dc78df3b6
-
SSDEEP
49152:dxDU6ScoDIrIVRXuAJFA0UWksqPjzKioyme6wtZ:fDUdcEIrIVRtURbzKlyW
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2