General
-
Target
6713297d043e35e7f6583d01995417633bf301982a9a3211bea7ccfce5699614.exe
-
Size
2.6MB
-
Sample
241122-jh7eesspan
-
MD5
d34a89fad6bcdc342032cf75d356f7d5
-
SHA1
8089a17ce4e58dedd857039e7f89168b1f3046e5
-
SHA256
6713297d043e35e7f6583d01995417633bf301982a9a3211bea7ccfce5699614
-
SHA512
8f3d71b1b2fb8770918c39eb875e4be8347d8fe80b822252cfd69f9cbe583f8403a066d99a24ef41005cdff04372c153ad488f10a2e57f9b89a922e4940c3d09
-
SSDEEP
49152:9NCDDt6uqGQ2XxCzynx+Px/hK/Lm9y1VGM0y/za:XCDDtDqGzXxxxE/Ia9kVEMa
Malware Config
Targets
-
-
Target
6713297d043e35e7f6583d01995417633bf301982a9a3211bea7ccfce5699614.exe
-
Size
2.6MB
-
MD5
d34a89fad6bcdc342032cf75d356f7d5
-
SHA1
8089a17ce4e58dedd857039e7f89168b1f3046e5
-
SHA256
6713297d043e35e7f6583d01995417633bf301982a9a3211bea7ccfce5699614
-
SHA512
8f3d71b1b2fb8770918c39eb875e4be8347d8fe80b822252cfd69f9cbe583f8403a066d99a24ef41005cdff04372c153ad488f10a2e57f9b89a922e4940c3d09
-
SSDEEP
49152:9NCDDt6uqGQ2XxCzynx+Px/hK/Lm9y1VGM0y/za:XCDDtDqGzXxxxE/Ia9kVEMa
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2