General
-
Target
54fba3007a5aa7435b178f3ed61e22f3643c9fdd49cb845290ff15be84dc58b3.exe
-
Size
2.6MB
-
Sample
241121-fnrz5sycpg
-
MD5
a0b198a5fd53cfff7e90ad121b4c40a7
-
SHA1
91ffbf7e61f3fe5b8fea9edc95c0a07eac19d842
-
SHA256
54fba3007a5aa7435b178f3ed61e22f3643c9fdd49cb845290ff15be84dc58b3
-
SHA512
da04642e10465d16a44ba12d4262804bbf4a7ac40591cadcc550c7d6008c6acaeb6a5ef5646bd0dfdbb071ce66929bd1d6cb65be8df2a538740e8ca196e7297c
-
SSDEEP
49152:pJyYVxRH3tT5pr8rSy915b67aVWlhQkblHTNYLjW:pJy6jT5tYn5bKaL8HTNCjW
Malware Config
Targets
-
-
Target
54fba3007a5aa7435b178f3ed61e22f3643c9fdd49cb845290ff15be84dc58b3.exe
-
Size
2.6MB
-
MD5
a0b198a5fd53cfff7e90ad121b4c40a7
-
SHA1
91ffbf7e61f3fe5b8fea9edc95c0a07eac19d842
-
SHA256
54fba3007a5aa7435b178f3ed61e22f3643c9fdd49cb845290ff15be84dc58b3
-
SHA512
da04642e10465d16a44ba12d4262804bbf4a7ac40591cadcc550c7d6008c6acaeb6a5ef5646bd0dfdbb071ce66929bd1d6cb65be8df2a538740e8ca196e7297c
-
SSDEEP
49152:pJyYVxRH3tT5pr8rSy915b67aVWlhQkblHTNYLjW:pJy6jT5tYn5bKaL8HTNCjW
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2