General
- Target: b1428cca95bff0b76ab62397d02df9e3.bin
- Size: 1.6MB
- Sample: 241121-bywzmaxclc
- MD5: 2c343ba40f4b75c35819ddbab6b0712d
- SHA1: 54d70c2a577f4c6f2e086b5b3bf20579d3e36298
- SHA256: ea9afef33914cff056122c3a3aef3017633dca6669d441760649aa71999825ba
- SHA512: 4362ae7306037c5ae81374f1954cb622c018f7cd7fbc4f15946b6dd86a7a0a76f3dad1a8dc624a7d291b707c999a65631358c9f6d197c78fd107434af00877d3
- SSDEEP: 24576:gensxOLaqMAVR4hnhns2fl1LLiv2QVztSzMu+U575ZUNpz3OAD1e4GPMia65x46S:gAskMK6n42QbDU575ZUP+ADRri5X49d5
- Static task: static1
- Behavioral task: behavioral1
- Sample: 329ec550d7912b296ae2936bb392f56d16ac2dcde22a9101a1332e119a164c99.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: 329ec550d7912b296ae2936bb392f56d16ac2dcde22a9101a1332e119a164c99.exe
- Size: 2.7MB
- MD5: b1428cca95bff0b76ab62397d02df9e3
- SHA1: a5b0ead9e190ce4f64c8ab23ecc412ef8dd7a52b
- SHA256: 329ec550d7912b296ae2936bb392f56d16ac2dcde22a9101a1332e119a164c99
- SHA512: 34b3391f0a24e42c908f2497031096ad7174f2d9e54d155b128bc1fff2922d2fb1f0688393a4a59f3087186eea19f8dc5576e9bc1e8c001ecc3eb888b805b0e5
- SSDEEP: 49152:C/LBPxIi+gOceq1lbUiW7/KOdW3nK1RzfqUUHu1:C/LBPxIicXq3A7/KOdWa1Q5O
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)