Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.6MB

  • Sample

    241122-npe1zawkal

  • MD5

    5af36bb43cce3acc83f3113ba20156ee

  • SHA1

    8a51b7a9f5195321a68736ecb4a8c6356c80af94

  • SHA256

    08451cdd0fd94f955d77aa2c6439ee9b441ce204a3b4b49ca8096ec5f3d7c402

  • SHA512

    e03ae96ac9bb4ec55d33b87a6c302a46a83d8fed80712a212217cb89c3b56e53f8e892f6eb42e61e0601e4f1f909f1f5b2e6001623d018f243d78eb0418cbdec

  • SSDEEP

    49152:3MPQa4Bw0VCFx0300Z0EeVlHkN9CKIokoji:3MPQa4BtVCFx0E0ZnoENzSoji

Score
10/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.6MB

    • MD5

      5af36bb43cce3acc83f3113ba20156ee

    • SHA1

      8a51b7a9f5195321a68736ecb4a8c6356c80af94

    • SHA256

      08451cdd0fd94f955d77aa2c6439ee9b441ce204a3b4b49ca8096ec5f3d7c402

    • SHA512

      e03ae96ac9bb4ec55d33b87a6c302a46a83d8fed80712a212217cb89c3b56e53f8e892f6eb42e61e0601e4f1f909f1f5b2e6001623d018f243d78eb0418cbdec

    • SSDEEP

      49152:3MPQa4Bw0VCFx0300Z0EeVlHkN9CKIokoji:3MPQa4BtVCFx0E0ZnoENzSoji

    Score
    10/10
    discoveryevasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks