683609cf5dad7e5a984bf4ebab65c2fa2a6d59724507b7c5e9d240932f2994a4 | Triage

Sharing

General

Target

683609cf5dad7e5a984bf4ebab65c2fa2a6d59724507b7c5e9d240932f2994a4.exe
Size

2.7MB
Sample

241121-gd5zpayqhv
MD5

8016e5d93e55bb0356c789bb6ba0bdbe
SHA1

d22bb6723ea29ff986bdbcda2943b6f77f9121e6
SHA256

683609cf5dad7e5a984bf4ebab65c2fa2a6d59724507b7c5e9d240932f2994a4
SHA512

02a0988cdf9fad5e64893c9271ca4b7cd9008214193c713b1e068912461a7e4d01342c97c96ab0091c25c7444705ba516ef7349ead6843f9cfb9127278d1d0c0
SSDEEP

24576:hrIAqSlyHUp/CpYC0PXgE7qtliQJAmn7qdfYKs0ufkqhrLKN5KOVCOo7fU7wBBZF:hUulZ4QaE7hN5KKo7MsBBL0DuWZB9I

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  683609cf5dad7e5a984bf4ebab65c2fa2a6d59724507b7c5e9d240932f2994a4.exe
- Size
  
  2.7MB
- MD5
  
  8016e5d93e55bb0356c789bb6ba0bdbe
- SHA1
  
  d22bb6723ea29ff986bdbcda2943b6f77f9121e6
- SHA256
  
  683609cf5dad7e5a984bf4ebab65c2fa2a6d59724507b7c5e9d240932f2994a4
- SHA512
  
  02a0988cdf9fad5e64893c9271ca4b7cd9008214193c713b1e068912461a7e4d01342c97c96ab0091c25c7444705ba516ef7349ead6843f9cfb9127278d1d0c0
- SSDEEP
  
  24576:hrIAqSlyHUp/CpYC0PXgE7qtliQJAmn7qdfYKs0ufkqhrLKN5KOVCOo7fU7wBBZF:hUulZ4QaE7hN5KKo7MsBBL0DuWZB9I
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan