General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241121-e5yzcazbnp
-
MD5
52d77a77a26d044864356fd81ee84fd6
-
SHA1
7c0c8f2f2b7bb343dd7a7598458abe319cf60c81
-
SHA256
962ccdf56f8db2358dfdf6227634e08be5783eddd7205a68843c2efb723147d2
-
SHA512
80ce42a7ce7b17c8853f4599c96e1de7ae17d276e713d37f8ec0bf4b867483662374ae54dcb2ff2711934ccd80917785fef119e4d924a2fb74758985ad4b1359
-
SSDEEP
49152:HyZ/TOKHtHwo9AnDJHjWZ14x5e7JI5QxAzh8mp6EX:SZ/SKHpwo9AnDhjWGAdI5QxAzh8mM0
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
file.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses (2)
Disable or Modify Tools (2)
Modify Registry (2)
Virtualization/Sandbox Evasion (2)