7c4cdf4ff736598c7c4611feb1c4de1e845b3fd4e8708ddbb652b967e6722dd3 | Triage

Sharing

General

Target

7c4cdf4ff736598c7c4611feb1c4de1e845b3fd4e8708ddbb652b967e6722dd3.exe
Size

2.6MB
Sample

241121-gnkfqszekq
MD5

17953500d9b941e5d42ea7121adaadc8
SHA1

e98556a798deec4b705ede2908316aa337658904
SHA256

7c4cdf4ff736598c7c4611feb1c4de1e845b3fd4e8708ddbb652b967e6722dd3
SHA512

7f35e7651e60a558f1c4c08c4ae086a786b6ea86b16bf8fbb61f07f59512b957598ce7d3e35edd1ae39f53b79c886869e2d583b452a950a75e4ab8adb7820bbd
SSDEEP

49152:XX5tH2SeYbQmfcXddDo5WxOSH52YdHq4u3VJBb3tVwonma+GPj/O6cTA3:XXXH2HYbQmf6ddDooxOSH1K4cb3gGP/1

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  7c4cdf4ff736598c7c4611feb1c4de1e845b3fd4e8708ddbb652b967e6722dd3.exe
- Size
  
  2.6MB
- MD5
  
  17953500d9b941e5d42ea7121adaadc8
- SHA1
  
  e98556a798deec4b705ede2908316aa337658904
- SHA256
  
  7c4cdf4ff736598c7c4611feb1c4de1e845b3fd4e8708ddbb652b967e6722dd3
- SHA512
  
  7f35e7651e60a558f1c4c08c4ae086a786b6ea86b16bf8fbb61f07f59512b957598ce7d3e35edd1ae39f53b79c886869e2d583b452a950a75e4ab8adb7820bbd
- SSDEEP
  
  49152:XX5tH2SeYbQmfcXddDo5WxOSH52YdHq4u3VJBb3tVwonma+GPj/O6cTA3:XXXH2HYbQmf6ddDooxOSH1K4cb3gGP/1
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan