General
-
Target
0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac.exe
-
Size
2.7MB
-
Sample
241122-cla23askew
-
MD5
832c9676a2a7c2ad3af65ca7c3cde743
-
SHA1
b773918c7b1880094b9da6153d27c9d718032df7
-
SHA256
0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac
-
SHA512
39c64a295bba8e1aab00025bd1f44b6c67e770ed34285667b4243244c90641a71a894159f7c8d9f95d757370907cbfb8f5572350a37963129a06b9f7f436282d
-
SSDEEP
49152:2Cgk7+lo2sSwASoOt7sEBR8vWJVTAGzeEMJc05:rgk7+lo2sS5S57sErqWJhHyEMJc
Malware Config
Targets
-
-
Target
0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac.exe
-
Size
2.7MB
-
MD5
832c9676a2a7c2ad3af65ca7c3cde743
-
SHA1
b773918c7b1880094b9da6153d27c9d718032df7
-
SHA256
0ba03d7bec04e966e7190bd15147ceda3c950a0fcd02d2c0cfe0afd51e5b5eac
-
SHA512
39c64a295bba8e1aab00025bd1f44b6c67e770ed34285667b4243244c90641a71a894159f7c8d9f95d757370907cbfb8f5572350a37963129a06b9f7f436282d
-
SSDEEP
49152:2Cgk7+lo2sSwASoOt7sEBR8vWJVTAGzeEMJc05:rgk7+lo2sS5S57sErqWJhHyEMJc
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2