General
-
Target
file.exe
-
Size
2.8MB
-
Sample
241122-et8z6szpcr
-
MD5
0088235be044c8a88124dd1b58b186e7
-
SHA1
31107b10e2d6f4d9b928aaf8fc53ec209823c0c4
-
SHA256
9ba473c3f4b60970545a8756d91f2461a84c6236aee185f89f064e0fbc60599e
-
SHA512
795f3faf3ea95e0e796ef62353072a5cb6eaa00884694b62b747e43492dd4591cede7fae2a280711fcd8dc7ee6f509e46259564942d3448c403e2bc31ac85fd2
-
SSDEEP
49152:UdM4Oztvu0r2INNaWBx9XcCdZ+c9GEFkRY:U7Ozt2w2INNamXfd8QGEFR
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.8MB
-
MD5
0088235be044c8a88124dd1b58b186e7
-
SHA1
31107b10e2d6f4d9b928aaf8fc53ec209823c0c4
-
SHA256
9ba473c3f4b60970545a8756d91f2461a84c6236aee185f89f064e0fbc60599e
-
SHA512
795f3faf3ea95e0e796ef62353072a5cb6eaa00884694b62b747e43492dd4591cede7fae2a280711fcd8dc7ee6f509e46259564942d3448c403e2bc31ac85fd2
-
SSDEEP
49152:UdM4Oztvu0r2INNaWBx9XcCdZ+c9GEFkRY:U7Ozt2w2INNamXfd8QGEFR
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2