General
Target: file.exe
Size: 2.7MB
Sample: 241122-f8allavpax
MD5: ea7b10fa11829c0ef4a26b92a175e297
SHA1: b1fa74961129d2c77ceff663e528345c0123cc3b
SHA256: 1bae6047517dcc64ed7dc0e7b76b32cc1d7a00e5e0fa6a260b286c4f993817e4
SHA512: 7deceab061a45128aa7f79b6bb577a8b16ed9d5f2a5da49d2e53315e752e61d5da315deb0b26625c5fa3ea1862d1b88d67bfe03696b4a32c8fa769079053b807
SSDEEP: 49152:i2fThoktBdJIxgfzKj2El7RIbC0Y890Y6LslQYhK:iyTvHdKxgfzbEl7R1u6LstE
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)