General
-
Target
318eb5f663a9bf41d278cb387fdd15f224ee15032f3dbaa7e9a48126cd254735.exe
-
Size
2.6MB
-
Sample
241122-h1jweawmet
-
MD5
d8e50ee937d59e0a9aff112c211f2d1d
-
SHA1
994cb44603afd8dc995049a35ce73e199e4f4a3b
-
SHA256
318eb5f663a9bf41d278cb387fdd15f224ee15032f3dbaa7e9a48126cd254735
-
SHA512
822ee7deed46654a29fc6786aec75c1b0ce537c93bafd00e949c092f7b8c30d8c35eb9f2a306131dd2e8c87b805fc9066d29fe27ab85ffbbaaab3d25b0876151
-
SSDEEP
49152:h0Sk1NiPWUBwqbUUBgxIRripJuQRkjEGCr:q1NWWUvbUIgxIRr8JuQRPGCr
Static task
static1
Behavioral task
behavioral1
Sample
318eb5f663a9bf41d278cb387fdd15f224ee15032f3dbaa7e9a48126cd254735.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
318eb5f663a9bf41d278cb387fdd15f224ee15032f3dbaa7e9a48126cd254735.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses (2)
Disable or Modify Tools (2)
Modify Registry (2)
Virtualization/Sandbox Evasion (2)