General
-
Target
75c752bb2e5ff68a9689fa43bc6a9e408834ebc40a50725e6ca31fc26553af0e.exe
-
Size
1.8MB
-
Sample
241121-gfk3asyray
-
MD5
ff1c291b46fb3ada2bdb55ba4c14bcfe
-
SHA1
875c6f3b14c117f3429771d5e8d82ee667c8fed6
-
SHA256
75c752bb2e5ff68a9689fa43bc6a9e408834ebc40a50725e6ca31fc26553af0e
-
SHA512
ec8ff21cd6e26186ddfe4985040e058161257a24d0569c8074df99f71027467faba7353b26767664a1104abae0794eaa5b95391bb4cd721eadc6fc4a36241ea4
-
SSDEEP
49152:veJstCliii7ZFFcB1YwHDOUPeQ1dm+TL36/GKwKT2Zb8I0u8LN:GGtClit73FcB1Y2zPeQ1d93UUKT2Zns
Static task
static1
Behavioral task
behavioral1
Sample
75c752bb2e5ff68a9689fa43bc6a9e408834ebc40a50725e6ca31fc26553af0e.exe
Resource
win7-20241010-en
Malware Config
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 1
Install Root Certificate: 1
Virtualization/Sandbox Evasion: 2