General
-
Target
4198f3f3a8b80b86d7f66bcfaf98e6c42caedbdb31eb2ae21c0f3340195b70c5.exe
-
Size
2.7MB
-
Sample
241121-fcgp2atkgl
-
MD5
72c14b3785a58d2193792d24910b48ca
-
SHA1
c3a14fe31913d26ab7c565c71a7d7dc99e8936b0
-
SHA256
4198f3f3a8b80b86d7f66bcfaf98e6c42caedbdb31eb2ae21c0f3340195b70c5
-
SHA512
ed479cb7ca48b02d8af3dddb29942028a9f9b0f395cf49431603383b592eb0b1ceca22821d728ee07e48a9371a71729b3509ed188f655ebd557e1d3c576ac739
-
SSDEEP
49152:kN3JiXRlYLLDFFenDLfrSsKpJFnZ5WW7StN:UJiX4RFeD3SLtKrt
Malware Config
Targets
-
-
Target
4198f3f3a8b80b86d7f66bcfaf98e6c42caedbdb31eb2ae21c0f3340195b70c5.exe
-
Size
2.7MB
-
MD5
72c14b3785a58d2193792d24910b48ca
-
SHA1
c3a14fe31913d26ab7c565c71a7d7dc99e8936b0
-
SHA256
4198f3f3a8b80b86d7f66bcfaf98e6c42caedbdb31eb2ae21c0f3340195b70c5
-
SHA512
ed479cb7ca48b02d8af3dddb29942028a9f9b0f395cf49431603383b592eb0b1ceca22821d728ee07e48a9371a71729b3509ed188f655ebd557e1d3c576ac739
-
SSDEEP
49152:kN3JiXRlYLLDFFenDLfrSsKpJFnZ5WW7StN:UJiX4RFeD3SLtKrt
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2