General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241121-xvsnpazjdq
-
MD5
dd9ad82b68a13333652866431f0ee8d9
-
SHA1
23b45a0875b428204f4f3448442aae222274612f
-
SHA256
8ba30fce56df7cd2c37d70dda3dbde19b2d5ff5c3896e791e484f2a1838fd106
-
SHA512
35311c88fd3fa87f3ecbb4442c77d349673fcf8f7d6b68ba781efd1a95ef562a26dc3623437304f1b69bc128f8dce28656cf28a1e79d2ff0528d6c93def13ee7
-
SSDEEP
24576:sn+QXRsBACBZyUN127toM2LMkGhQZFs7/kKLe1dpP2DSm1rwEIaMAygb67G50uey:w+QRW7Z7Py17EuDS3vAbkTle38WX
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
dd9ad82b68a13333652866431f0ee8d9
-
SHA1
23b45a0875b428204f4f3448442aae222274612f
-
SHA256
8ba30fce56df7cd2c37d70dda3dbde19b2d5ff5c3896e791e484f2a1838fd106
-
SHA512
35311c88fd3fa87f3ecbb4442c77d349673fcf8f7d6b68ba781efd1a95ef562a26dc3623437304f1b69bc128f8dce28656cf28a1e79d2ff0528d6c93def13ee7
-
SSDEEP
24576:sn+QXRsBACBZyUN127toM2LMkGhQZFs7/kKLe1dpP2DSm1rwEIaMAygb67G50uey:w+QRW7Z7Py17EuDS3vAbkTle38WX
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2