General
Target: file.exe
Size: 2.7MB
Sample: 241121-jbytpszakc
MD5: 1030d657dac585a568881e12dc2ab0f7
SHA1: aa96071d9a8ab685426baa62358cac33b9765621
SHA256: f915f6afd3ad47cbf769079b9c5f3bb5394877b0ae2aa072ca9ab46778a7810e
SHA512: 58a2ad4792b5b4e2a2224866b21de0e83f36206019833a0c29f8967dcfc84e549cb285ac197631bab25e1b0575044c534ec8cc4127e176b27e324b387a99fd86
SSDEEP: 49152:aaRjw9lF8AfgLGbV3iRhHzy79Z5ZN9nf:TRjw9laAfgLDJyb5Jn
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Targets
-
Target: file.exe
Size: 2.7MB
MD5: 1030d657dac585a568881e12dc2ab0f7
SHA1: aa96071d9a8ab685426baa62358cac33b9765621
SHA256: f915f6afd3ad47cbf769079b9c5f3bb5394877b0ae2aa072ca9ab46778a7810e
SHA512: 58a2ad4792b5b4e2a2224866b21de0e83f36206019833a0c29f8967dcfc84e549cb285ac197631bab25e1b0575044c534ec8cc4127e176b27e324b387a99fd86
SSDEEP: 49152:aaRjw9lF8AfgLGbV3iRhHzy79Z5ZN9nf:TRjw9laAfgLDJyb5Jn
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
Disable or Modify Tools
Modify Registry
Virtualization/Sandbox Evasion