General
-
Target
56d99af6e7fdc862e61b3574c9a3f86bb640b70369bc48e8827e373a2e629bcd.exe
-
Size
2.6MB
-
Sample
241122-cxpplasncw
-
MD5
ff2e1261175ca36b11a12fc96382d1d4
-
SHA1
7f212abf911d58906b4d1332f3d226ed3e7410d1
-
SHA256
56d99af6e7fdc862e61b3574c9a3f86bb640b70369bc48e8827e373a2e629bcd
-
SHA512
2d7b96ed299804cd017b841b902f190c93dfe0713d863326331fe47031cdf31178ba464cddc4452db1f8586b87f899eb13a8b0ffde2781f6e8f95e862caa2659
-
SSDEEP
49152:5qAQMxDPfW3Mx5JVJatTRsp0PkDMWO18rsgAgH+:5rQeDngMx5JVJa1RsKiMZ1zgAg
Static task
static1
Behavioral task
behavioral1
Sample
56d99af6e7fdc862e61b3574c9a3f86bb640b70369bc48e8827e373a2e629bcd.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
56d99af6e7fdc862e61b3574c9a3f86bb640b70369bc48e8827e373a2e629bcd.exe
-
Size
2.6MB
-
MD5
ff2e1261175ca36b11a12fc96382d1d4
-
SHA1
7f212abf911d58906b4d1332f3d226ed3e7410d1
-
SHA256
56d99af6e7fdc862e61b3574c9a3f86bb640b70369bc48e8827e373a2e629bcd
-
SHA512
2d7b96ed299804cd017b841b902f190c93dfe0713d863326331fe47031cdf31178ba464cddc4452db1f8586b87f899eb13a8b0ffde2781f6e8f95e862caa2659
-
SSDEEP
49152:5qAQMxDPfW3Mx5JVJatTRsp0PkDMWO18rsgAgH+:5rQeDngMx5JVJa1RsKiMZ1zgAg
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2