General
-
Target
file.exe
-
Size
2.6MB
-
Sample
241122-lrmsgsvjak
-
MD5
b92b80d025cacd920a31946803d714b1
-
SHA1
c28100225427eb868fb86c8778983ca3fc2f8093
-
SHA256
5b3647c6886d96b1c1e7af2b4980d17c525442e90bf5b9e07b6fb1e8340568be
-
SHA512
a81ed1b9441db2e96dca20f3ade20061e91209d022baaa9d7e3a10bbb53f4f0320f0b053cce7661caef11fcc69f16e8bbce5aab3b82a7fb994cd96f0dea2a7e1
-
SSDEEP
49152:ztFp6qR+8jnAMmHDnCsjZX5QRcxS1DwoVs8J02:JFp6qR+8jAMmHusNX5QRDwoSs02
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.6MB
-
MD5
b92b80d025cacd920a31946803d714b1
-
SHA1
c28100225427eb868fb86c8778983ca3fc2f8093
-
SHA256
5b3647c6886d96b1c1e7af2b4980d17c525442e90bf5b9e07b6fb1e8340568be
-
SHA512
a81ed1b9441db2e96dca20f3ade20061e91209d022baaa9d7e3a10bbb53f4f0320f0b053cce7661caef11fcc69f16e8bbce5aab3b82a7fb994cd96f0dea2a7e1
-
SSDEEP
49152:ztFp6qR+8jnAMmHDnCsjZX5QRcxS1DwoVs8J02:JFp6qR+8jAMmHusNX5QRDwoSs02
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2