Overview

overview

10

Static

static

3

f307bfc3d6...be.exe

windows7-x64

10

f307bfc3d6...be.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33ae691f52ac46353b3f7cdf1d8916fd.bin

  • Size

    1.5MB

  • Sample

    241121-bg5kfaxhqn

  • MD5

    22fcad35e2b76b5c3e36209018ae1c1b

  • SHA1

    608db6677effb63cc53a799a2e3d9ed0fb879248

  • SHA256

    369dbc4abb4c874c71e675201cd6037a0a4ae1ac11aaae39f206c7f50b1ba95b

  • SHA512

    b624cafedf8893466a5c10faca9d63896c13dd26eb03b4abb47906920ae7ff748937b01c332d553f073a463f3e3e4d9761644ee914c0ce84c6b35739839afe98

  • SSDEEP

    24576:qLWuQS3gqzNJn6i/3Sxs+W+cksOY+JVo0h3C/EhIxENaFiuSOILFhDhNr:KWu9gqz3Ys+XcksrojC/mImNGJIDr

Score
10/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      f307bfc3d6f4e710338171629d9f690706887190750f0fd3845f8e56c49a2abe.exe

    • Size

      2.6MB

    • MD5

      33ae691f52ac46353b3f7cdf1d8916fd

    • SHA1

      004b8b32d043a62ce416abba571f9847b580b152

    • SHA256

      f307bfc3d6f4e710338171629d9f690706887190750f0fd3845f8e56c49a2abe

    • SHA512

      96aee398ec59ede95408beb3e0a8737073a6d4c168a912eec5138b233aa28eb577e16fbef956ce67c561b0039b617d17e1822a3933c5eec5f06ceeefdde62314

    • SSDEEP

      49152:LTQKdPvdNDzIe29CmU3UQZ71bWRD+SAqjXgJ9:PQKdXdNDzIe29CmeFpFSPjwJ9

    Score
    10/10
    discoveryevasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks