General
-
Target
b19e58f2f509590e8cb1f79218b9c0893130a929fcc21737b48f7238380c9c6d.exe
-
Size
2.7MB
-
Sample
241122-df17qstjbt
-
MD5
61fe9ca456c2881848651738ab9f7148
-
SHA1
589e60d69861bcc653b86d76fcf2e56ccc808521
-
SHA256
b19e58f2f509590e8cb1f79218b9c0893130a929fcc21737b48f7238380c9c6d
-
SHA512
530bfa627ac2033ea6845031b1860e3d575ff8054a3406d3c41e12f75ccea510849a34681f3217d9ec72cf2b3fe847acba3e431f0885507967a1539918a6fa5f
-
SSDEEP
49152:zFrBhv2L2akfRgw1oT0ZBcN5mLyxDpQGabQ4:zFrBhuqakfd1oDN5C+pLqx
Malware Config
Targets
-
-
Target
b19e58f2f509590e8cb1f79218b9c0893130a929fcc21737b48f7238380c9c6d.exe
-
Size
2.7MB
-
MD5
61fe9ca456c2881848651738ab9f7148
-
SHA1
589e60d69861bcc653b86d76fcf2e56ccc808521
-
SHA256
b19e58f2f509590e8cb1f79218b9c0893130a929fcc21737b48f7238380c9c6d
-
SHA512
530bfa627ac2033ea6845031b1860e3d575ff8054a3406d3c41e12f75ccea510849a34681f3217d9ec72cf2b3fe847acba3e431f0885507967a1539918a6fa5f
-
SSDEEP
49152:zFrBhv2L2akfRgw1oT0ZBcN5mLyxDpQGabQ4:zFrBhuqakfd1oDN5C+pLqx
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2