General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241121-vr467stbpb
-
MD5
0bb88754e164f3ce3853b0c2b823d140
-
SHA1
51c57bab308b0aa2c8477b2cd60803c19d98dd11
-
SHA256
9f48b62e3ae09c545cd40e074a44d833bca136da8971dce12aad758272d5bf54
-
SHA512
71f4cffd6dae155adc6e03a5cf38a8297eb15941a179ecebbcd99c0eb2a41385848d0599d32343031848effd041b80c6d454574ff6dd7ef333355948ab9db8d1
-
SSDEEP
49152:6FRxBeHlkcv5x6smtj0vWaaES9P50rOb9fKf4JJnt8h:IxBeHlkcv5x6smtovWatPOb9fKf4JJni
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
0bb88754e164f3ce3853b0c2b823d140
-
SHA1
51c57bab308b0aa2c8477b2cd60803c19d98dd11
-
SHA256
9f48b62e3ae09c545cd40e074a44d833bca136da8971dce12aad758272d5bf54
-
SHA512
71f4cffd6dae155adc6e03a5cf38a8297eb15941a179ecebbcd99c0eb2a41385848d0599d32343031848effd041b80c6d454574ff6dd7ef333355948ab9db8d1
-
SSDEEP
49152:6FRxBeHlkcv5x6smtj0vWaaES9P50rOb9fKf4JJnt8h:IxBeHlkcv5x6smtovWatPOb9fKf4JJni
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2