General
-
Target
578e5e7b4cedcbfc0aeacc3ebd40ca2474a114ed7a7da02ba5b77af27d14bde0.exe
-
Size
2.7MB
-
Sample
241121-yq3tjazrbj
-
MD5
3a70b040086efded50583b73a8ae051c
-
SHA1
3501e008e5c242d2a86aa97fa8fba8a02eab7b63
-
SHA256
578e5e7b4cedcbfc0aeacc3ebd40ca2474a114ed7a7da02ba5b77af27d14bde0
-
SHA512
763cb0cdd441203100fb73a9f69fcfbd192e9af1d95d3e88c8d86e20d4d345356455199810e6fd11b13f36d9c3583208d32658b28fde8e77700c0f93a3e9ab78
-
SSDEEP
49152:hhPJkBzTjDtX3Ya0W0J7EXE6rFMONQqbAXCyipCZ91/QKcCxRL1yP:hhPJkBzTjDtX3YlRJ7E00FH8SyiUIDCe
Malware Config
Targets
-
-
Target
578e5e7b4cedcbfc0aeacc3ebd40ca2474a114ed7a7da02ba5b77af27d14bde0.exe
-
Size
2.7MB
-
MD5
3a70b040086efded50583b73a8ae051c
-
SHA1
3501e008e5c242d2a86aa97fa8fba8a02eab7b63
-
SHA256
578e5e7b4cedcbfc0aeacc3ebd40ca2474a114ed7a7da02ba5b77af27d14bde0
-
SHA512
763cb0cdd441203100fb73a9f69fcfbd192e9af1d95d3e88c8d86e20d4d345356455199810e6fd11b13f36d9c3583208d32658b28fde8e77700c0f93a3e9ab78
-
SSDEEP
49152:hhPJkBzTjDtX3Ya0W0J7EXE6rFMONQqbAXCyipCZ91/QKcCxRL1yP:hhPJkBzTjDtX3YlRJ7E00FH8SyiUIDCe
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2