General

  • Target

    b1428cca95bff0b76ab62397d02df9e3.bin

  • Size

    1.6MB

  • Sample

    241121-bywzmaxclc

  • MD5

    2c343ba40f4b75c35819ddbab6b0712d

  • SHA1

    54d70c2a577f4c6f2e086b5b3bf20579d3e36298

  • SHA256

    ea9afef33914cff056122c3a3aef3017633dca6669d441760649aa71999825ba

  • SHA512

    4362ae7306037c5ae81374f1954cb622c018f7cd7fbc4f15946b6dd86a7a0a76f3dad1a8dc624a7d291b707c999a65631358c9f6d197c78fd107434af00877d3

  • SSDEEP

    24576:gensxOLaqMAVR4hnhns2fl1LLiv2QVztSzMu+U575ZUNpz3OAD1e4GPMia65x46S:gAskMK6n42QbDU575ZUP+ADRri5X49d5

Malware Config

Targets

    • Target

      329ec550d7912b296ae2936bb392f56d16ac2dcde22a9101a1332e119a164c99.exe

    • Size

      2.7MB

    • MD5

      b1428cca95bff0b76ab62397d02df9e3

    • SHA1

      a5b0ead9e190ce4f64c8ab23ecc412ef8dd7a52b

    • SHA256

      329ec550d7912b296ae2936bb392f56d16ac2dcde22a9101a1332e119a164c99

    • SHA512

      34b3391f0a24e42c908f2497031096ad7174f2d9e54d155b128bc1fff2922d2fb1f0688393a4a59f3087186eea19f8dc5576e9bc1e8c001ecc3eb888b805b0e5

    • SSDEEP

      49152:C/LBPxIi+gOceq1lbUiW7/KOdW3nK1RzfqUUHu1:C/LBPxIicXq3A7/KOdWa1Q5O

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings are often read from the registry in order to detect virtualised or sandboxed environments, whose BIOS values typically name the hypervisor.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; it leaves characteristic Software\Wine keys in the registry.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger
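
The three registry-based signatures above (VirtualBox ACPI keys, BIOS strings, Wine keys) all reduce to the same pattern: open a handful of well-known registry locations and compare what comes back against hypervisor and compatibility-layer artifacts. The following is an added example, not code from this sample or from the sandbox vendor. The registry paths are real Windows locations, but the page does not say which of them the sample actually reads, so the list is an assumption about typical checks; the three snapshots are constructed, not data captured from this sample. On a Windows host it reads the live registry so a sandbox operator can see which of these artifacts their guest exposes; elsewhere it runs against the constructed snapshots.

```python
"""Model of the registry-based anti-VM/anti-sandbox checks listed in the
signature block. Added example (not the sample's code). Registry paths are
real; the snapshots below are constructed, not captured from the sample."""
import re
import sys

# Registry artifacts that anti-VM code commonly queries. Assumption: the
# page does not state which of these this particular sample touches.
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
)
WINE_KEYS = (
    r"HKCU\Software\Wine",
    r"HKLM\Software\Wine",
)
# Vendor strings that give a hypervisor away inside BIOS version/product data.
HYPERVISOR_RE = re.compile(r"vbox|virtualbox|innotek|vmware|qemu|bochs|xen", re.I)


def anti_vm_indicators(snapshot):
    """Return the list of indicators that fire for a registry snapshot.

    snapshot maps a registry path (root\\key or root\\key\\value) to the
    value's data, or to None when the path is a key that merely exists.
    Lookups are case-insensitive, as the registry itself is.
    """
    norm = {path.lower(): data for path, data in snapshot.items()}
    hits = []
    if any(key.lower() in norm for key in VBOX_ACPI_KEYS):
        hits.append("virtualbox_acpi")
    for path in BIOS_VALUES:
        data = norm.get(path.lower())
        if data is None:
            continue
        # REG_MULTI_SZ comes back as a list of strings; join before matching.
        text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
        if HYPERVISOR_RE.search(text):
            hits.append("bios_vendor_string")
            break
    if any(key.lower() in norm for key in WINE_KEYS):
        hits.append("wine")
    return hits


def live_snapshot():
    """Read the same paths from the local registry (Windows only)."""
    import winreg  # only importable on Windows
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for path in VBOX_ACPI_KEYS + WINE_KEYS:
        root, subkey = path.split("\\", 1)
        try:
            winreg.CloseKey(winreg.OpenKey(roots[root], subkey))
            snap[path] = None  # key exists; its presence is the indicator
        except OSError:
            pass
    for path in BIOS_VALUES:
        root, rest = path.split("\\", 1)
        subkey, name = rest.rsplit("\\", 1)
        try:
            with winreg.OpenKey(roots[root], subkey) as key:
                snap[path] = winreg.QueryValueEx(key, name)[0]
        except OSError:
            pass
    return snap


# Constructed snapshots (not captured from the sample) for offline use.
CONSTRUCTED_VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": None,
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["VBOX   - 1"],
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": ["Oracle VM VirtualBox VBE 3.0"],
}
CONSTRUCTED_WINE_HOST = {
    r"HKCU\Software\Wine": None,
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["American Megatrends"],
}
CONSTRUCTED_BARE_METAL = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["LENOVO - 1234"],
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "LENOVO",
}

if __name__ == "__main__":
    if sys.platform == "win32":
        print("live host:", anti_vm_indicators(live_snapshot()))
    else:
        for name, snap in (("vbox guest", CONSTRUCTED_VBOX_GUEST),
                           ("wine host", CONSTRUCTED_WINE_HOST),
                           ("bare metal", CONSTRUCTED_BARE_METAL)):
            print(f"{name}: {anti_vm_indicators(snap)}")
```

Each indicator corresponds to one signature line above; a sandbox that wants to survive these checks has to remove the VBOX__ ACPI keys, rewrite the BIOS strings and avoid exposing Wine keys, not just one of the three. The check on NtSetInformationThreadHideFromDebugger is a separate API-level trick and is not modelled here.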

MITRE ATT&CK Enterprise v15

Tasks