General
-
Target
f9726e10c350b4199dde3b4bdaa6716a35fd1817a2659192762d1463e511d308N.exe
-
Size
2.6MB
-
Sample
241122-r5bj9symdn
-
MD5
fe75f0e739e3889f3169358abc660e60
-
SHA1
7956287cd78f9823a1bbf9aa9b3d5121cd55785b
-
SHA256
f9726e10c350b4199dde3b4bdaa6716a35fd1817a2659192762d1463e511d308
-
SHA512
cccaaef343f6659f719062b0819a7304f05cf526251826548200d06dc9809cb48ead0b939abc0f6139a4877b9234e9dacf8a756c40cd607ddef692d256676f19
-
SSDEEP
49152:CEtM3w6QoIPr9fNyv/qlNBPJGpnyzgnNrNMeMsYM0:CEtM3wDoIRov/Q3PJ3gnLhYM
Malware Config
Targets
-
-
Target
f9726e10c350b4199dde3b4bdaa6716a35fd1817a2659192762d1463e511d308N.exe
-
Size
2.6MB
-
MD5
fe75f0e739e3889f3169358abc660e60
-
SHA1
7956287cd78f9823a1bbf9aa9b3d5121cd55785b
-
SHA256
f9726e10c350b4199dde3b4bdaa6716a35fd1817a2659192762d1463e511d308
-
SHA512
cccaaef343f6659f719062b0819a7304f05cf526251826548200d06dc9809cb48ead0b939abc0f6139a4877b9234e9dacf8a756c40cd607ddef692d256676f19
-
SSDEEP
49152:CEtM3w6QoIPr9fNyv/qlNBPJGpnyzgnNrNMeMsYM0:CEtM3wDoIRov/Q3PJ3gnLhYM
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
2Virtualization/Sandbox Evasion
2