General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241121-qakn1ssmbv
-
MD5
832c9676a2a7c2ad3af65ca7c3cde743
-
SHA1
b773918c7b1880094b9da6153d27c9d718032df7
-
SHA256
0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac
-
SHA512
39c64a295bba8e1aab00025bd1f44b6c67e770ed34285667b4243244c90641a71a894159f7c8d9f95d757370907cbfb8f5572350a37963129a06b9f7f436282d
-
SSDEEP
49152:2Cgk7+lo2sSwASoOt7sEBR8vWJVTAGzeEMJc05:rgk7+lo2sS5S57sErqWJhHyEMJc
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
832c9676a2a7c2ad3af65ca7c3cde743
-
SHA1
b773918c7b1880094b9da6153d27c9d718032df7
-
SHA256
0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac
-
SHA512
39c64a295bba8e1aab00025bd1f44b6c67e770ed34285667b4243244c90641a71a894159f7c8d9f95d757370907cbfb8f5572350a37963129a06b9f7f436282d
-
SSDEEP
49152:2Cgk7+lo2sSwASoOt7sEBR8vWJVTAGzeEMJc05:rgk7+lo2sS5S57sErqWJhHyEMJc
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2