General
-
Target
34cba508f5721cf083b3119f9f5f1049cd20d27bf2d3b6f56a07098a740f4e76.exe
-
Size
2.7MB
-
Sample
241122-h3bmtawmht
-
MD5
176b701176a70d6f0e169a2f994114ee
-
SHA1
5e2f754254a4580ae33f900572cc2c5d780e44aa
-
SHA256
34cba508f5721cf083b3119f9f5f1049cd20d27bf2d3b6f56a07098a740f4e76
-
SHA512
aea4beb750a94a57ca973e01b6800aabedd82e9e9577c9298b53276bbcb00d271731b249eea93b68bbbd8242d8346b9fcd53045fd8947150b092a3af756d81fd
-
SSDEEP
49152:vDYgDXLUYqyEW3/FIsFCU5kx02nvJmPzRcB3fvPRY:vEWXL5qN0dIsFC+kx02nvCCBPvPRY
Malware Config
Targets
-
-
Target
34cba508f5721cf083b3119f9f5f1049cd20d27bf2d3b6f56a07098a740f4e76.exe
-
Size
2.7MB
-
MD5
176b701176a70d6f0e169a2f994114ee
-
SHA1
5e2f754254a4580ae33f900572cc2c5d780e44aa
-
SHA256
34cba508f5721cf083b3119f9f5f1049cd20d27bf2d3b6f56a07098a740f4e76
-
SHA512
aea4beb750a94a57ca973e01b6800aabedd82e9e9577c9298b53276bbcb00d271731b249eea93b68bbbd8242d8346b9fcd53045fd8947150b092a3af756d81fd
-
SSDEEP
49152:vDYgDXLUYqyEW3/FIsFCU5kx02nvJmPzRcB3fvPRY:vEWXL5qN0dIsFC+kx02nvCCBPvPRY
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2