20155830e7fb270ca7869ee0d2221b439aa86100c44b854d6659c609c2948927 | Triage

Sharing

General

Target

20155830e7fb270ca7869ee0d2221b439aa86100c44b854d6659c609c2948927.exe
Size

2.7MB
Sample

241121-d4v1masqem
MD5

b7f232580012ae7dac6af378137ec5e8
SHA1

5c876e711926d030d4b0eae80a52bd7ea12d761d
SHA256

20155830e7fb270ca7869ee0d2221b439aa86100c44b854d6659c609c2948927
SHA512

c6d8aaedd330e6ddcd2b5475dedfa89c6caf3cdbda9bf03ca4b27d1a951d04906eb3e9f0976e5e7bf671d8454f79f8345fd2506b18b851fbb4df59b8163469f1
SSDEEP

24576:iSMKh2KOJ1kDscX/URltnsZsLz35IbxGudkGSEykeiSR0HZEWDmSrFppUxt66X9i:GKh2KOXcPytSfhFppU1J51J/doL+gV

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  20155830e7fb270ca7869ee0d2221b439aa86100c44b854d6659c609c2948927.exe
- Size
  
  2.7MB
- MD5
  
  b7f232580012ae7dac6af378137ec5e8
- SHA1
  
  5c876e711926d030d4b0eae80a52bd7ea12d761d
- SHA256
  
  20155830e7fb270ca7869ee0d2221b439aa86100c44b854d6659c609c2948927
- SHA512
  
  c6d8aaedd330e6ddcd2b5475dedfa89c6caf3cdbda9bf03ca4b27d1a951d04906eb3e9f0976e5e7bf671d8454f79f8345fd2506b18b851fbb4df59b8163469f1
- SSDEEP
  
  24576:iSMKh2KOJ1kDscX/URltnsZsLz35IbxGudkGSEykeiSR0HZEWDmSrFppUxt66X9i:GKh2KOXcPytSfhFppU1J51J/doL+gV
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan