Overview

overview

10

Static

static

3

4e32b7750d...42.exe

windows7-x64

10

4e32b7750d...42.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    64fae8982e9943f1f140dd0656989812.bin

  • Size

    1.6MB

  • Sample

    241122-bp638sxmdk

  • MD5

    e6588b83593632037ac8913325cdba43

  • SHA1

    be8d386f958ba76511c19a7c9b2d4aee814356a7

  • SHA256

    d69578778c369060e7cee3102c45cd759baead2cb379b4b7a0620e16b712d56e

  • SHA512

    eef05f4097a9bfca5972284cbf82260e8617420708ec71a5d55bc97d94b0db927ac40c3cf7ed223065263c71ee9e271e5862be0658339f53d0d3dac80fcef130

  • SSDEEP

    49152:7DXL/YdfXndGs4IrQ7QW6rA0KR8SCP0MT1z:P7/Ydft6IrQ7Q5U0MMT1z

Score
10/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      4e32b7750d935b1eb8acdeaeb9c701e7a9b390be3c37db6769d520c000b66d42.exe

    • Size

      2.6MB

    • MD5

      64fae8982e9943f1f140dd0656989812

    • SHA1

      1b140805481dbef455b41d174e11766e23670185

    • SHA256

      4e32b7750d935b1eb8acdeaeb9c701e7a9b390be3c37db6769d520c000b66d42

    • SHA512

      0a84271da4550930f5b75a0331d9c7cdc74bfda37e6e6efe2b1dde2b9d41fe990b9d3d87e583089e5c07cc88457a7668a50bd9c26101f19347472170f61b5c79

    • SSDEEP

      49152:t4ti6sIgjJXr0oeCrWyPjaoVtOQ94mn+GeG:t4t3sLjJXwoxSyPjaoVtP99+GZ

    Score
    10/10
    discoveryevasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks