General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241121-3b9ezswrej
-
MD5
9fdc0979f1e3281023d6cfe460a2912c
-
SHA1
a8027a48aca67f37524c3624985ce49cacc79c3a
-
SHA256
3e185ed3062afd0e280c05f93c257729fcc2d46cf71626b299e3f61ef870d27b
-
SHA512
0f0c12484679a4b3a06b92fc3ecab7a65ff775448af2fefee1e5d8f7b514435ad24bef38f140b27e6489ac335c96894a70928c5813fc33902327f8295085342c
-
SSDEEP
49152:aWZ1Jah86ZFHid4VXsbyq5FdI8uP1FdsXUX:aWZn6ZBi2CbyGA934UX
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
9fdc0979f1e3281023d6cfe460a2912c
-
SHA1
a8027a48aca67f37524c3624985ce49cacc79c3a
-
SHA256
3e185ed3062afd0e280c05f93c257729fcc2d46cf71626b299e3f61ef870d27b
-
SHA512
0f0c12484679a4b3a06b92fc3ecab7a65ff775448af2fefee1e5d8f7b514435ad24bef38f140b27e6489ac335c96894a70928c5813fc33902327f8295085342c
-
SSDEEP
49152:aWZ1Jah86ZFHid4VXsbyq5FdI8uP1FdsXUX:aWZn6ZBi2CbyGA934UX
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2