0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac | Triage

Sharing

General

Target

0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac.exe
Size

2.7MB
Sample

241122-chyzqaxrfl
MD5

832c9676a2a7c2ad3af65ca7c3cde743
SHA1

b773918c7b1880094b9da6153d27c9d718032df7
SHA256

0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac
SHA512

39c64a295bba8e1aab00025bd1f44b6c67e770ed34285667b4243244c90641a71a894159f7c8d9f95d757370907cbfb8f5572350a37963129a06b9f7f436282d
SSDEEP

49152:2Cgk7+lo2sSwASoOt7sEBR8vWJVTAGzeEMJc05:rgk7+lo2sS5S57sErqWJhHyEMJc

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac.exe
- Size
  
  2.7MB
- MD5
  
  832c9676a2a7c2ad3af65ca7c3cde743
- SHA1
  
  b773918c7b1880094b9da6153d27c9d718032df7
- SHA256
  
  0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac
- SHA512
  
  39c64a295bba8e1aab00025bd1f44b6c67e770ed34285667b4243244c90641a71a894159f7c8d9f95d757370907cbfb8f5572350a37963129a06b9f7f436282d
- SSDEEP
  
  49152:2Cgk7+lo2sSwASoOt7sEBR8vWJVTAGzeEMJc05:rgk7+lo2sS5S57sErqWJhHyEMJc
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan