General
-
Target
bfce1247e957e64aa6903f2abf182dda3be39d0c07cc751db0b4639750495b12.exe
-
Size
2.7MB
-
Sample
241122-dj287stjfy
-
MD5
fd4071d0f320cd91011328a0f904f284
-
SHA1
0517bc8db26f59694d620912f1c48d272b0fd740
-
SHA256
bfce1247e957e64aa6903f2abf182dda3be39d0c07cc751db0b4639750495b12
-
SHA512
9597cfe688f8b6c360ef5934936dbfa575db1eeb24451053c263a019daf96edc42cbef6a61d0fef31b3998a6b77ddb26217574dbb14337f47603887687a0e415
-
SSDEEP
49152:O1PsTNQEiizTu/fytWg1AjdqLUbJf2h8e:O1Ps5QEiizTu/fyt31+kLUbJf2H
Malware Config
Targets
-
-
Target
bfce1247e957e64aa6903f2abf182dda3be39d0c07cc751db0b4639750495b12.exe
-
Size
2.7MB
-
MD5
fd4071d0f320cd91011328a0f904f284
-
SHA1
0517bc8db26f59694d620912f1c48d272b0fd740
-
SHA256
bfce1247e957e64aa6903f2abf182dda3be39d0c07cc751db0b4639750495b12
-
SHA512
9597cfe688f8b6c360ef5934936dbfa575db1eeb24451053c263a019daf96edc42cbef6a61d0fef31b3998a6b77ddb26217574dbb14337f47603887687a0e415
-
SSDEEP
49152:O1PsTNQEiizTu/fytWg1AjdqLUbJf2h8e:O1Ps5QEiizTu/fyt31+kLUbJf2H
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2