General
-
Target
file.exe
-
Size
2.7MB
-
Sample
241122-py3daswqgq
-
MD5
c68468cca7d2ffff2e8284cdfb61702c
-
SHA1
24aaedb30a4e7a975d417a5138cea0c9bedf0893
-
SHA256
28da094cc2edfc34b26fcc9caa83c5847f4009ef1e4d941d66f43fdae8756c6a
-
SHA512
7bef7c004e5a156b35a76033ff1492689d397762d94d498ad1ca7bc029e84eab4211ef5c40eb741b3aa73381381c27444757a6d4754b52621aa568510ea00620
-
SSDEEP
49152:cHt4VLxFUeRo3skFjcNmqCUxv+01VxAlpdm:cHt4VLDUeRo3skFcNmqC41W4
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.7MB
-
MD5
c68468cca7d2ffff2e8284cdfb61702c
-
SHA1
24aaedb30a4e7a975d417a5138cea0c9bedf0893
-
SHA256
28da094cc2edfc34b26fcc9caa83c5847f4009ef1e4d941d66f43fdae8756c6a
-
SHA512
7bef7c004e5a156b35a76033ff1492689d397762d94d498ad1ca7bc029e84eab4211ef5c40eb741b3aa73381381c27444757a6d4754b52621aa568510ea00620
-
SSDEEP
49152:cHt4VLxFUeRo3skFjcNmqCUxv+01VxAlpdm:cHt4VLDUeRo3skFcNmqC41W4
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2