General
Target: file.exe
Size: 2.6MB
Sample: 241122-jgy2nawqcs
MD5: fceaf512d5a53cbdc093149c76b6ef99
SHA1: 29776dad9da781817c54d5ab6d3add547382937e
SHA256: ba19021aa240c1d2da39065aef88728c164ca358d85eec9f26aafb59e4f9386a
SHA512: b799433579da32515553d7bfea61572cee9616cb08a08b6f5eac45b76515db8540454970b11d23482151cba2dba2d0e7b0dc121efd6c55dce4ea9e2a11670a6f
SSDEEP: 49152:KLDP0SCgtFq9eHX7E5k34coWKQONRmzSQ5lHn2sV:KL7jCg3q9ErE5kIcr0RCH2
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: file.exe (2.6MB; hashes as listed under General above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Impair Defenses
    - Disable or Modify Tools (2)
  - Modify Registry (2)
  - Virtualization/Sandbox Evasion (2)