Overview

overview

9

Static

static

3

1.exe

windows7-x64

9

1.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.exe

  • Size

    1.8MB

  • Sample

    241121-p5fg4ssgrn

  • MD5

    f6d459152f27dcf14efe82eb0192b91a

  • SHA1

    00aa1e5b81b225792ad2631d6aebebe12fdcf841

  • SHA256

    89393dc6bb3eb10d66af588acd3d7f94960373000e3c007b04b82fd38a367432

  • SHA512

    0f4d59c1c7678ad3dc78a1a95e63ac8495ab5cdd7236763e7d0fa8eaee85542446ee9950e0a1f550d39ac47e530bacbda202fab487f3477ba0e3ff344465dd1d

  • SSDEEP

    24576:VyusD74VgkWwiRJt5gblqOCzEXUJ79Kj90NTsgPj7QHb7q3nMyBz7VzDMZ3cD+5L:+/4Ewix86IIJJxsTePBPV/MtAyyV

Score
9/10
discoveryevasion

Malware Config

Targets

    • Target

      1.exe

    • Size

      1.8MB

    • MD5

      f6d459152f27dcf14efe82eb0192b91a

    • SHA1

      00aa1e5b81b225792ad2631d6aebebe12fdcf841

    • SHA256

      89393dc6bb3eb10d66af588acd3d7f94960373000e3c007b04b82fd38a367432

    • SHA512

      0f4d59c1c7678ad3dc78a1a95e63ac8495ab5cdd7236763e7d0fa8eaee85542446ee9950e0a1f550d39ac47e530bacbda202fab487f3477ba0e3ff344465dd1d

    • SSDEEP

      24576:VyusD74VgkWwiRJt5gblqOCzEXUJ79Kj90NTsgPj7QHb7q3nMyBz7VzDMZ3cD+5L:+/4Ewix86IIJJxsTePBPV/MtAyyV

    Score
    9/10
    discoveryevasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks