General

Target: YUPDR_file.exe
Size: 2.6MB
Sample: 241122-r93vbayndl
MD5: 6ed3ec59a37199546b8d9893d3df0992
SHA1: 54c6360d1f5ae9ddd734a976c388184426a9a195
SHA256: b24ad548d9f0b3a3878994cf3cc97f23db47bbd1421866a2fd69bbbb2bbcd046
SHA512: f421b945c387bde993f26e36b83773871e9436031aa1e329bc8c8cace0a182ff7a4b759a2736d163e67a6740f4e127d0390a447eb81987af3686d3049a0d3cde
SSDEEP: 24576:Sj5KN2/7t1B8VXwWXqoiJ7XY3/cqwwFPFNd0dioa6Gd8xDnblctGo/hjrYZh1ECq:u5KN2/7gXpcu8Gd8xDn+Pa1e3H

Static task: static1
Behavioral task: behavioral1
Sample: YUPDR_file.exe
Resource: win7-20241010-en

Malware Config
Targets

Target: YUPDR_file.exe
Size: 2.6MB
MD5: 6ed3ec59a37199546b8d9893d3df0992
SHA1: 54c6360d1f5ae9ddd734a976c388184426a9a195
SHA256: b24ad548d9f0b3a3878994cf3cc97f23db47bbd1421866a2fd69bbbb2bbcd046
SHA512: f421b945c387bde993f26e36b83773871e9436031aa1e329bc8c8cace0a182ff7a4b759a2736d163e67a6740f4e127d0390a447eb81987af3686d3049a0d3cde
SSDEEP: 24576:Sj5KN2/7t1B8VXwWXqoiJ7XY3/cqwwFPFNd0dioa6Gd8xDnblctGo/hjrYZh1ECq:u5KN2/7gXpcu8Gd8xDn+Pa1e3H

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging step.

Taken together, these are environment checks rather than payload behaviour: if the sample decided it was being analysed, the behavioral run above may not show everything it does on a real host.
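As an added example (not part of this report, and not the sandbox's own detection logic), the Python below classifies a constructed trace of registry and thread-API events into the four indicators listed above. The event line format ("api|argument"), the sample trace and the matched registry paths (the VBOX__ ACPI tables, the SystemBiosVersion/VideoBiosVersion/SystemBiosDate values under HARDWARE\DESCRIPTION\System, and the Software\Wine key) are assumptions chosen to illustrate the checks; the ThreadHideFromDebugger value 0x11 is the documented THREADINFOCLASS constant.

```python
"""Flag anti-analysis behaviour in sandbox event records.

Added example for this report, not the sandbox's own logic. Event records
are constructed here in a simple 'api|argument' text format (assumed); the
registry paths are the well-known artifacts the indicator names refer to.
"""
import re

# THREADINFOCLASS value for ThreadHideFromDebugger, as passed to
# NtSetInformationThread to stop a thread from reporting to a debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Hive aliases so both long and short forms of a registry path match.
HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
}

# Indicator name -> pattern over the normalized registry path (assumed paths).
REGISTRY_RULES = (
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.IGNORECASE)),
    ("Identifies Wine through registry keys",
     re.compile(r"^(HKLM|HKCU)\\Software\\Wine(\\|$)", re.IGNORECASE)),
)

# API names treated as registry access in the constructed trace format.
REGISTRY_APIS = {"RegOpenKeyEx", "RegQueryValueEx", "NtOpenKey", "NtQueryValueKey"}


def normalize_path(path):
    """Collapse slashes and long hive names so rules see one canonical form."""
    path = path.replace("/", "\\").strip("\\")
    hive, sep, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return hive + sep + rest


def parse_event(line):
    """'api|argument' -> (api, argument); blank or malformed lines yield None."""
    line = line.strip()
    if not line or "|" not in line:
        return None
    api, _, arg = line.partition("|")
    return api.strip(), arg.strip()


def parse_info_class(arg):
    """Extract the ThreadInformationClass value (hex or decimal) from an argument string."""
    m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
    if not m:
        return None
    value = m.group(1)
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def classify(lines):
    """Return the distinct indicators triggered by the event lines, in first-hit order."""
    hits = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        api, arg = parsed
        if api in REGISTRY_APIS:
            path = normalize_path(arg)
            for name, pattern in REGISTRY_RULES:
                if pattern.search(path) and name not in hits:
                    hits.append(name)
        elif api == "NtSetInformationThread":
            if parse_info_class(arg) == THREAD_HIDE_FROM_DEBUGGER:
                name = "Suspicious use of NtSetInformationThreadHideFromDebugger"
                if name not in hits:
                    hits.append(name)
    return hits


# Constructed event trace shaped like the indicators this report lists.
SAMPLE_EVENTS = [
    "RegOpenKeyEx|HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "RegQueryValueEx|HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
    "RegQueryValueEx|HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion",
    "RegOpenKeyEx|HKCU\\Software\\Wine",
    "NtSetInformationThread|ThreadInformationClass=0x11",
    "RegQueryValueEx|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",  # no rule hit
    "NtSetInformationThread|ThreadInformationClass=0x5",  # other class, no hit
]

if __name__ == "__main__":
    for hit in classify(SAMPLE_EVENTS):
        print(hit)
```

The rules key on the normalized path rather than the raw API argument so that HKEY_LOCAL_MACHINE and HKLM, or forward and back slashes, all hit the same rule; a benign Run-key read and a different thread information class are included in the trace to show that only the anti-analysis artifacts are flagged.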
MITRE ATT&CK Enterprise v15

Defense Evasion
- Impair Defenses (T1562): 2
  - Disable or Modify Tools (T1562.001): 2
- Modify Registry (T1112): 2
- Virtualization/Sandbox Evasion (T1497): 2