General
-
Target
5e33b2113f70189d082a8c87ae822718976c90a84e3a29d55c7acf8f940797f5.exe
-
Size
2.7MB
-
Sample
241121-f1sr7sydlg
-
MD5
4fc28f8386b849a5633c3b4f97decd24
-
SHA1
2f68e0e548d77a1fc5b871ca56246ecf7810799c
-
SHA256
5e33b2113f70189d082a8c87ae822718976c90a84e3a29d55c7acf8f940797f5
-
SHA512
6c66eddc75a4acab38093fccb11f22572c0875ca8e1c182ae67e6628460e2302784165b2173d4593e9a1b9c6546cc0035e8798d218b90f338b94d54ed51d70ad
-
SSDEEP
49152:lXkjvna4eQ2tQdEbLRrD4aAFjnTyTyrdCddM+5Jf:lXkjvnjeQ2tKEbdhAFjwdr
Malware Config
Targets
-
-
Target
5e33b2113f70189d082a8c87ae822718976c90a84e3a29d55c7acf8f940797f5.exe
-
Size
2.7MB
-
MD5
4fc28f8386b849a5633c3b4f97decd24
-
SHA1
2f68e0e548d77a1fc5b871ca56246ecf7810799c
-
SHA256
5e33b2113f70189d082a8c87ae822718976c90a84e3a29d55c7acf8f940797f5
-
SHA512
6c66eddc75a4acab38093fccb11f22572c0875ca8e1c182ae67e6628460e2302784165b2173d4593e9a1b9c6546cc0035e8798d218b90f338b94d54ed51d70ad
-
SSDEEP
49152:lXkjvna4eQ2tQdEbLRrD4aAFjnTyTyrdCddM+5Jf:lXkjvnjeQ2tKEbdhAFjwdr
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2