General
-
Target
9efd52baf27481abd9f9570bc5e341cbadad8dfe665b1d54fc11796aecc26a40.exe
-
Size
2.7MB
-
Sample
241121-zgdcysxmdt
-
MD5
b164935b4a4790477b32dbb287eef482
-
SHA1
6526a5f1d92375b51da8e8aa1ed5850ae016b1e7
-
SHA256
9efd52baf27481abd9f9570bc5e341cbadad8dfe665b1d54fc11796aecc26a40
-
SHA512
ef53f74dd152bda755af12e2cc2960836389b662920a59a74d1204f8182ad5b6f82c8af368b9f0d7958c8897846eb72eeb6114752379bf7c804332abc9ee3ed2
-
SSDEEP
24576:iSMKh2KOJ1kDscX/URltnsZsLz35IbxGudkGSEykeiSR0HZEWDmSrFppUxt66X9B:GKh2KOXcPytSfhFppU1J51J/doL+gVW
Malware Config
Targets
-
-
Target
9efd52baf27481abd9f9570bc5e341cbadad8dfe665b1d54fc11796aecc26a40.exe
-
Size
2.7MB
-
MD5
b164935b4a4790477b32dbb287eef482
-
SHA1
6526a5f1d92375b51da8e8aa1ed5850ae016b1e7
-
SHA256
9efd52baf27481abd9f9570bc5e341cbadad8dfe665b1d54fc11796aecc26a40
-
SHA512
ef53f74dd152bda755af12e2cc2960836389b662920a59a74d1204f8182ad5b6f82c8af368b9f0d7958c8897846eb72eeb6114752379bf7c804332abc9ee3ed2
-
SSDEEP
24576:iSMKh2KOJ1kDscX/URltnsZsLz35IbxGudkGSEykeiSR0HZEWDmSrFppUxt66X9B:GKh2KOXcPytSfhFppU1J51J/doL+gVW
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2