General
-
Target
0b6d2c28e5c14e954b58dcbe0ff777de0312abfaf5f463a55fb9fc0f631dc3b0.exe
-
Size
2.6MB
-
Sample
241121-crxs1sxdrc
-
MD5
4eaf57719a7966e309e186bf63a8f6cc
-
SHA1
2aabbcec70113e272872957c7858683d05dbd5ab
-
SHA256
0b6d2c28e5c14e954b58dcbe0ff777de0312abfaf5f463a55fb9fc0f631dc3b0
-
SHA512
9a6c3c9cd8c863ea13fbe163e5601cddb7aa813e0165e4e95f3aa6791a5562ca406198b64818a07852b0412ce798fef910c7ad026ce73d359f75539225fc01c1
-
SSDEEP
49152:o4DSTMFQcnj/pkLzJBs9q1qIBKO1rsdN0L63t4l:o4DSTMFQcnjqnJm9q1qIs+rsdq0Sl
Malware Config
Targets
-
-
Target
0b6d2c28e5c14e954b58dcbe0ff777de0312abfaf5f463a55fb9fc0f631dc3b0.exe
-
Size
2.6MB
-
MD5
4eaf57719a7966e309e186bf63a8f6cc
-
SHA1
2aabbcec70113e272872957c7858683d05dbd5ab
-
SHA256
0b6d2c28e5c14e954b58dcbe0ff777de0312abfaf5f463a55fb9fc0f631dc3b0
-
SHA512
9a6c3c9cd8c863ea13fbe163e5601cddb7aa813e0165e4e95f3aa6791a5562ca406198b64818a07852b0412ce798fef910c7ad026ce73d359f75539225fc01c1
-
SSDEEP
49152:o4DSTMFQcnj/pkLzJBs9q1qIBKO1rsdN0L63t4l:o4DSTMFQcnjqnJm9q1qIs+rsdq0Sl
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2