General
-
Target
file.exe
-
Size
2.6MB
-
Sample
241122-dy7r8szlaj
-
MD5
28474a1cb1fafe42f6e83116e07f1837
-
SHA1
6d82769476d95cd6b76b66915a74c3a6e397df69
-
SHA256
8d4389889ccd0f0e2a86d99509dc019c7cb2109626b5e813cf095ee2bd8a8dbf
-
SHA512
95250aa926c90a6c05354be51a7d9589b1b9e56a8265b29df3e2b81c6c9af4af9d1c377c55aaf77143a4924d69be62895b4b34907f9dba33e99f6d83aacb5657
-
SSDEEP
24576:jnjB7FpN0SVFz8CWPNiprjOA/ddxv0Z0pelC6BK8ujbaf0PskSXzEHp8QGyUknPT:jjowfbdTLjIzEaQGyUaeKGFanEKL
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.6MB
-
MD5
28474a1cb1fafe42f6e83116e07f1837
-
SHA1
6d82769476d95cd6b76b66915a74c3a6e397df69
-
SHA256
8d4389889ccd0f0e2a86d99509dc019c7cb2109626b5e813cf095ee2bd8a8dbf
-
SHA512
95250aa926c90a6c05354be51a7d9589b1b9e56a8265b29df3e2b81c6c9af4af9d1c377c55aaf77143a4924d69be62895b4b34907f9dba33e99f6d83aacb5657
-
SSDEEP
24576:jnjB7FpN0SVFz8CWPNiprjOA/ddxv0Z0pelC6BK8ujbaf0PskSXzEHp8QGyUknPT:jjowfbdTLjIzEaQGyUaeKGFanEKL
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2