General
-
Target
4670a2971ce2acf600f4eb00541037cab93cfc57f61ee09af167c7e52f5aaa4c
-
Size
2.7MB
-
Sample
241121-l1sebs1ajg
-
MD5
4d8a4d824fe07691f48374a04428d3d0
-
SHA1
a8c0d0c6837b0886f357a02541b1cb11e7fbcf67
-
SHA256
4670a2971ce2acf600f4eb00541037cab93cfc57f61ee09af167c7e52f5aaa4c
-
SHA512
8d5ded542030fd4a836dd5971c52b14f571f81f8de69d202343e402fc1285fd4a9a276a45248d58efce87b8947b67c65c994caa222322996da81ff869edeb74d
-
SSDEEP
49152:mpr63atlyIpLgJrRhAx/qcezsiTR2rrQyhXE:0r63KlRLgJro/zMsiFkrthX
Malware Config
Targets
-
-
Target
4670a2971ce2acf600f4eb00541037cab93cfc57f61ee09af167c7e52f5aaa4c
-
Size
2.7MB
-
MD5
4d8a4d824fe07691f48374a04428d3d0
-
SHA1
a8c0d0c6837b0886f357a02541b1cb11e7fbcf67
-
SHA256
4670a2971ce2acf600f4eb00541037cab93cfc57f61ee09af167c7e52f5aaa4c
-
SHA512
8d5ded542030fd4a836dd5971c52b14f571f81f8de69d202343e402fc1285fd4a9a276a45248d58efce87b8947b67c65c994caa222322996da81ff869edeb74d
-
SSDEEP
49152:mpr63atlyIpLgJrRhAx/qcezsiTR2rrQyhXE:0r63KlRLgJro/zMsiFkrthX
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2