General
-
Target
file.exe
-
Size
2.6MB
-
Sample
241121-gc2kwatmhp
-
MD5
b6232971846816075fb9476cb82148fb
-
SHA1
32fdc8249eb381bdc6733092b6be00d3bdab5d2e
-
SHA256
1a1fa8992c84f43a7d642d63ccbc350eccf35263a9aa097709ad75fa13bc69d7
-
SHA512
7f861f5086dddbd0939f303a78b1ad00464d666171448e7d386318b988a09434ace95288dbe0f4dc51cca39dacbed97b405b111e149ca31d3ca1ff4f3cab781a
-
SSDEEP
49152:h0Sk1NiPWUBwqbUUBgxIRripJuQRkjEGC:q1NWWUvbUIgxIRr8JuQRPGC
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.6MB
-
MD5
b6232971846816075fb9476cb82148fb
-
SHA1
32fdc8249eb381bdc6733092b6be00d3bdab5d2e
-
SHA256
1a1fa8992c84f43a7d642d63ccbc350eccf35263a9aa097709ad75fa13bc69d7
-
SHA512
7f861f5086dddbd0939f303a78b1ad00464d666171448e7d386318b988a09434ace95288dbe0f4dc51cca39dacbed97b405b111e149ca31d3ca1ff4f3cab781a
-
SSDEEP
49152:h0Sk1NiPWUBwqbUUBgxIRripJuQRkjEGC:q1NWWUvbUIgxIRr8JuQRPGC
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2