General
-
Target
8a23d79aef5d7b3f48af01b5cc094dab7a31fc545b7755535e95de0d3b9f8ba0.exe
-
Size
2.7MB
-
Sample
241121-hjy9rszkav
-
MD5
50f7780252b3ffa7adeb939b1c7f6445
-
SHA1
7ce389306bff34f6c7845c057417b407f5924ab5
-
SHA256
8a23d79aef5d7b3f48af01b5cc094dab7a31fc545b7755535e95de0d3b9f8ba0
-
SHA512
2798f74df058743e54784a0d239383524b48705d0d61fcd09561ad9e6b5c216ac1d3eb9b07fe9bb71121d50cca00220daf6f0bf23297a021d5c3809f9acdbb79
-
SSDEEP
49152:xusqvcTqc4WSBP1sPcF4aWpy9Uppdh6grJLLcIP:csqvcWclSB9sPcF4aWs98pdhLLcI
Malware Config
Targets
-
-
Target
8a23d79aef5d7b3f48af01b5cc094dab7a31fc545b7755535e95de0d3b9f8ba0.exe
-
Size
2.7MB
-
MD5
50f7780252b3ffa7adeb939b1c7f6445
-
SHA1
7ce389306bff34f6c7845c057417b407f5924ab5
-
SHA256
8a23d79aef5d7b3f48af01b5cc094dab7a31fc545b7755535e95de0d3b9f8ba0
-
SHA512
2798f74df058743e54784a0d239383524b48705d0d61fcd09561ad9e6b5c216ac1d3eb9b07fe9bb71121d50cca00220daf6f0bf23297a021d5c3809f9acdbb79
-
SSDEEP
49152:xusqvcTqc4WSBP1sPcF4aWpy9Uppdh6grJLLcIP:csqvcWclSB9sPcF4aWs98pdhLLcI
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2