General
-
Target
file.exe
-
Size
2.6MB
-
Sample
241121-tw2q7stlhz
-
MD5
ff2e1261175ca36b11a12fc96382d1d4
-
SHA1
7f212abf911d58906b4d1332f3d226ed3e7410d1
-
SHA256
56d99af6e7fdc862e61b3574c9a3f86bb640b70369bc48e8827e373a2e629bcd
-
SHA512
2d7b96ed299804cd017b841b902f190c93dfe0713d863326331fe47031cdf31178ba464cddc4452db1f8586b87f899eb13a8b0ffde2781f6e8f95e862caa2659
-
SSDEEP
49152:5qAQMxDPfW3Mx5JVJatTRsp0PkDMWO18rsgAgH+:5rQeDngMx5JVJa1RsKiMZ1zgAg
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.6MB
-
MD5
ff2e1261175ca36b11a12fc96382d1d4
-
SHA1
7f212abf911d58906b4d1332f3d226ed3e7410d1
-
SHA256
56d99af6e7fdc862e61b3574c9a3f86bb640b70369bc48e8827e373a2e629bcd
-
SHA512
2d7b96ed299804cd017b841b902f190c93dfe0713d863326331fe47031cdf31178ba464cddc4452db1f8586b87f899eb13a8b0ffde2781f6e8f95e862caa2659
-
SSDEEP
49152:5qAQMxDPfW3Mx5JVJatTRsp0PkDMWO18rsgAgH+:5rQeDngMx5JVJa1RsKiMZ1zgAg
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2