General
-
Target
be543dfd2cd00d7facee820b9240baf80b5d7fd097839538513ce69856b72322.exe
-
Size
2.6MB
-
Sample
241122-djpccayrbk
-
MD5
12b17e8017b4ec029d6918a25a6df2e8
-
SHA1
ed892ccc00d923e5b50031eee1c78d92567b0f9e
-
SHA256
be543dfd2cd00d7facee820b9240baf80b5d7fd097839538513ce69856b72322
-
SHA512
c3fe8eeb415bab9c2b3fe8aeff458879f5d2fd074ab71c9d85bfb2cd3f2e1a2f67381cd3868bf852a0dbe87446a5b02f300d8566767413bc8777f5aebc0e9862
-
SSDEEP
49152:RCeHq/6c73sCMlYg5ocl42gVc4ANYw/C3V2wNk:RCeHq/6c73s/lYg5ocNgC4A+w/ClfNk
Malware Config
Targets
-
-
Target
be543dfd2cd00d7facee820b9240baf80b5d7fd097839538513ce69856b72322.exe
-
Size
2.6MB
-
MD5
12b17e8017b4ec029d6918a25a6df2e8
-
SHA1
ed892ccc00d923e5b50031eee1c78d92567b0f9e
-
SHA256
be543dfd2cd00d7facee820b9240baf80b5d7fd097839538513ce69856b72322
-
SHA512
c3fe8eeb415bab9c2b3fe8aeff458879f5d2fd074ab71c9d85bfb2cd3f2e1a2f67381cd3868bf852a0dbe87446a5b02f300d8566767413bc8777f5aebc0e9862
-
SSDEEP
49152:RCeHq/6c73sCMlYg5ocl42gVc4ANYw/C3V2wNk:RCeHq/6c73s/lYg5ocNgC4A+w/ClfNk
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2