General

  • Target

    file.exe

  • Size

    2.7MB

  • Sample

    241121-jg9s6azanb

  • MD5

    1030d657dac585a568881e12dc2ab0f7

  • SHA1

    aa96071d9a8ab685426baa62358cac33b9765621

  • SHA256

    f915f6afd3ad47cbf769079b9c5f3bb5394877b0ae2aa072ca9ab46778a7810e

  • SHA512

    58a2ad4792b5b4e2a2224866b21de0e83f36206019833a0c29f8967dcfc84e549cb285ac197631bab25e1b0575044c534ec8cc4127e176b27e324b387a99fd86

  • SSDEEP

    49152:aaRjw9lF8AfgLGbV3iRhHzy79Z5ZN9nf:TRjw9laAfgLDJyb5Jn

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.7MB

    • MD5

      1030d657dac585a568881e12dc2ab0f7

    • SHA1

      aa96071d9a8ab685426baa62358cac33b9765621

    • SHA256

      f915f6afd3ad47cbf769079b9c5f3bb5394877b0ae2aa072ca9ab46778a7810e

    • SHA512

      58a2ad4792b5b4e2a2224866b21de0e83f36206019833a0c29f8967dcfc84e549cb285ac197631bab25e1b0575044c534ec8cc4127e176b27e324b387a99fd86

    • SSDEEP

      49152:aaRjw9lF8AfgLGbV3iRhHzy79Z5ZN9nf:TRjw9laAfgLDJyb5Jn

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks