General

  • Target

    file

  • Size

    2.7MB

  • Sample

    241121-spb2jasepe

  • MD5

    a2f9e6f726fdc1bcd491d5fc9184b449

  • SHA1

    61fcedf632c5eb6d07186b7468628e2d7e706288

  • SHA256

    bb560c6c1c1b47df3aafe508faacaf68382e86f9fddb8b75a8f34fd56ab23c36

  • SHA512

    8ae20013266762af015f2e265da36796d7fb45ff520b9b06a5e895f10cafd849b3a844c49ad1fd03a731a49b03e126df4bece8408ac54202611e118904961ed3

  • SSDEEP

    24576:mMnZlh1/ywvx6fj6UN6FTzbGgugB2dJ+UZRSpuztCA/wPJyVmEoUAt07ZYHp+rTl:lbrx6RNhgugBU1Spuzlww4BwZ+i

Malware Config

Targets

    • Target

      file

    • Size

      2.7MB

    • MD5

      a2f9e6f726fdc1bcd491d5fc9184b449

    • SHA1

      61fcedf632c5eb6d07186b7468628e2d7e706288

    • SHA256

      bb560c6c1c1b47df3aafe508faacaf68382e86f9fddb8b75a8f34fd56ab23c36

    • SHA512

      8ae20013266762af015f2e265da36796d7fb45ff520b9b06a5e895f10cafd849b3a844c49ad1fd03a731a49b03e126df4bece8408ac54202611e118904961ed3

    • SSDEEP

      24576:mMnZlh1/ywvx6fj6UN6FTzbGgugB2dJ+UZRSpuztCA/wPJyVmEoUAt07ZYHp+rTl:lbrx6RNhgugBU1Spuzlww4BwZ+i

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks