General
-
Target
0d6dc94410622d6390d45b269ab1384bb309bd915c7b82704c5a986713cc9fcd.exe
-
Size
2.7MB
-
Sample
241121-xxngravpcy
-
MD5
3f237a801adbc8fbe4ca318af24bc381
-
SHA1
a576051712d9853c98d38a8637c8f1e7d88d3b71
-
SHA256
0d6dc94410622d6390d45b269ab1384bb309bd915c7b82704c5a986713cc9fcd
-
SHA512
f951cb55aa1ef9bc3cbf4b631e9d6ec123b4aa87c6518c39712f1c5ae15f7f8009b93035dc94dd4d0ee3215fabc58ca994a80e89afdd741bdf5d34c9adfe9b20
-
SSDEEP
49152:KMIIhE5qLS+PNoDjcCidwPW1M8I57mt6JMbgfXE:KMI4E5qPFCACHPn8I56t6JMJ
Malware Config
Targets
-
-
Target
0d6dc94410622d6390d45b269ab1384bb309bd915c7b82704c5a986713cc9fcd.exe
-
Size
2.7MB
-
MD5
3f237a801adbc8fbe4ca318af24bc381
-
SHA1
a576051712d9853c98d38a8637c8f1e7d88d3b71
-
SHA256
0d6dc94410622d6390d45b269ab1384bb309bd915c7b82704c5a986713cc9fcd
-
SHA512
f951cb55aa1ef9bc3cbf4b631e9d6ec123b4aa87c6518c39712f1c5ae15f7f8009b93035dc94dd4d0ee3215fabc58ca994a80e89afdd741bdf5d34c9adfe9b20
-
SSDEEP
49152:KMIIhE5qLS+PNoDjcCidwPW1M8I57mt6JMbgfXE:KMI4E5qPFCACHPn8I56t6JMJ
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2