General
-
Target
3405b90146d2374c28a053bca432edf976598a978c8d005f445a034cde1baf73.exe
-
Size
2.7MB
-
Sample
241122-crebnsykdr
-
MD5
27197ee37e70818fe49a4599d486f8fb
-
SHA1
e603da43feb6533e9c7155e1dc7887e1867a7985
-
SHA256
3405b90146d2374c28a053bca432edf976598a978c8d005f445a034cde1baf73
-
SHA512
63148a28f6eb6eb4ea43f667b1d04e5e89d7b3ae90954b5baae50447ab72e28017fff97ccf5d8e47772f4967f538067dc076100d9e1e3ef5bf7a03c0d84f571b
-
SSDEEP
24576:0QRnOtA0AWXLnGmGpD3370UDL04iDRFkcC1AOBbkPzTQJGDe9IlqlY3cElzlfW0L:AnLnGmoD33wUkkcC1AO5sqeJYYaPV2
Malware Config
Targets
-
-
Target
3405b90146d2374c28a053bca432edf976598a978c8d005f445a034cde1baf73.exe
-
Size
2.7MB
-
MD5
27197ee37e70818fe49a4599d486f8fb
-
SHA1
e603da43feb6533e9c7155e1dc7887e1867a7985
-
SHA256
3405b90146d2374c28a053bca432edf976598a978c8d005f445a034cde1baf73
-
SHA512
63148a28f6eb6eb4ea43f667b1d04e5e89d7b3ae90954b5baae50447ab72e28017fff97ccf5d8e47772f4967f538067dc076100d9e1e3ef5bf7a03c0d84f571b
-
SSDEEP
24576:0QRnOtA0AWXLnGmGpD3370UDL04iDRFkcC1AOBbkPzTQJGDe9IlqlY3cElzlfW0L:AnLnGmoD33wUkkcC1AO5sqeJYYaPV2
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2