Overview

overview

10

Static

static

3

01ed32593b...0a.exe

windows7-x64

10

01ed32593b...0a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56c46875035c77ec87779905e74ca141.bin

  • Size

    1.6MB

  • Sample

    241121-bp7prssjgn

  • MD5

    ef2b54d73a7b025af309b5f99d755245

  • SHA1

    dcfb39839bd128ce3036255d602bc26b8bcdc39e

  • SHA256

    e2f98a1f99d315e326f43e75148bf2085416b4cc4ce3747623e73e78fbba7140

  • SHA512

    882151c63cd390ab07b62a659656645b4de99ba7e61a4755a28fed44342629138b65b259a929c45f4545ac8abed084aea7ac37a1bc1c6fa917b97da1dbabbe1b

  • SSDEEP

    49152:A/TSw8BcVlDB1xLwKx9aGsJ3SAuZ1ShOyqr:I8OVDrA3vKhyo

Score
10/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      01ed32593b780544599ccdac3eb728d9839e509a83d93a8c84fd9da0c111560a.exe

    • Size

      2.7MB

    • MD5

      56c46875035c77ec87779905e74ca141

    • SHA1

      5e094c6364c6e850304f55bd1fb199bdfd423adf

    • SHA256

      01ed32593b780544599ccdac3eb728d9839e509a83d93a8c84fd9da0c111560a

    • SHA512

      4f08eaca10d9ffcbe24c2a63436d3bdb1d76a513cad4bbb57ae7b4980efc6ed3b4c1abf0ffc76da235725776b3ee0c134281a350c721a586912511d9b9d763e1

    • SSDEEP

      49152:Sb2W7EETruY4lQysvXAtxi92jLYo6EGU0kM7na/nwMN1dYDddGAedDowy:Sb2W7EETrDvys/t0/wMN1dYDbGrX

    Score
    10/10
    discoveryevasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks