General

Target: ff01b5545fe20fa6de5ce06212a573e90451ddc2f5da8e7a0234285af729b050.exe
Size: 2.0MB
Sample: 241122-rdgl7sxqgj
MD5: e20eb29aa454b5381c11c68d875a6925
SHA1: 930c635fbfffa29ff2c58c665a7e3404c932f2e0
SHA256: ff01b5545fe20fa6de5ce06212a573e90451ddc2f5da8e7a0234285af729b050
SHA512: 4a491b89a7f186eda3efbfeeaefaa1ced0eeca39c987606648d7a1ae62b1939ddab79f48cd725221a36da948449833f868f1ab2aff992061f884893c3a0b6206
SSDEEP: 49152:6EB87SJq3vxVDWRkwaxgtPtIorS0+Um6XyNPTVKejl:6EB81yXautPeorSGTSEex

Static task: static1
Behavioral task: behavioral1
  Sample: ff01b5545fe20fa6de5ce06212a573e90451ddc2f5da8e7a0234285af729b050.exe
  Resource: win7-20240903-en
Malware Config
Targets

Target: ff01b5545fe20fa6de5ce06212a573e90451ddc2f5da8e7a0234285af729b050.exe (2.0MB; hashes as listed under General)
- Modifies visibility of file extensions in Explorer
  Changes the HideFileExt value under Explorer\Advanced, so a dropped file can carry a misleading double extension without the real one being shown.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Looks for the VBOX__ keys under HARDWARE\ACPI (DSDT, FADT, RSDT) that only exist on a VirtualBox guest.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
  The ThreadHideFromDebugger thread-information class (0x11) detaches the calling thread from any attached debugger so it no longer receives debug events; legitimate software rarely calls it.
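The behaviours above are what a sandbox's signature engine reports after matching the process's API and registry trace. The Python below is an added example, not code from this report or from the sandbox that produced it: it applies equivalent rules to a constructed trace and rolls the hits up into the per-technique counts the ATT&CK summary shows. The registry paths are the standard locations each check reads; the trace line format, the sample trace and the rule-to-technique mapping are assumptions made for the example (the anti-debugger signature is deliberately left unmapped, as it is in the report's own summary). The two "dropped" signatures need state, so the matcher remembers which paths the process has already written before it treats an execution or library load as suspicious.

```python
"""Match sandbox-style API/registry trace lines against the behaviours listed
above and roll them up to ATT&CK techniques.

Added example, not code from the original report or from the sandbox that
produced it. Registry paths are the standard locations each check reads; the
trace format and the sample trace are constructed for illustration.
"""
import re
from collections import Counter

# (signature name, ATT&CK techniques it maps to, regex matched against one line).
# The anti-debugger signature is left unmapped, as in the report's own summary.
RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     ("Virtualization/Sandbox Evasion (T1497)",),
     re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     ("Virtualization/Sandbox Evasion (T1497)",),
     re.compile(r"HARDWARE\\DESCRIPTION\\System\\"
                r"(BIOS\\|SystemBiosVersion|VideoBiosVersion|SystemBiosDate)", re.I)),
    ("Identifies Wine through registry keys",
     ("Virtualization/Sandbox Evasion (T1497)",),
     re.compile(r"\\Software\\Wine(\\|\s|$)", re.I)),
    ("Modifies visibility of file extensions in Explorer",
     ("Hidden Files and Directories (T1564.001)", "Modify Registry (T1112)"),
     re.compile(r"RegSetValue\w*\s+.*Explorer\\Advanced\\HideFileExt", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     (),
     re.compile(r"NtSetInformationThread\b.*(ThreadHideFromDebugger|0x11)", re.I)),
]
TECHNIQUES = {name: techs for name, techs, _ in RULES}

# "Executes dropped EXE" / "Loads dropped DLL" need state: the path must have
# been written by this process earlier in the trace.
WRITE = re.compile(r"^(?:WriteFile|NtWriteFile)\s+(\S+)", re.I)
EXEC = re.compile(r"^(?:CreateProcess\w*|ShellExecute\w*)\s+(\S+)", re.I)
LOADLIB = re.compile(r"^(?:LoadLibrary\w*|LdrLoadDll)\s+(\S+)", re.I)


def match_trace(trace: str) -> dict:
    """Return {signature name: [matching trace lines]} for one process trace."""
    hits = {}
    dropped = set()  # lower-cased paths this process has written so far
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, _techs, pattern in RULES:
            if pattern.search(line):
                hits.setdefault(name, []).append(line)
        if (m := WRITE.match(line)):
            dropped.add(m.group(1).lower())
        elif (m := EXEC.match(line)) and m.group(1).lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(line)
        elif (m := LOADLIB.match(line)) and m.group(1).lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(line)
    return hits


def attack_summary(hits: dict) -> Counter:
    """Count triggered signatures per ATT&CK technique (the report's summary)."""
    counts = Counter()
    for name in hits:
        for tech in TECHNIQUES.get(name, ()):
            counts[tech] += 1
    return counts


# Constructed trace in a loose "<API> <args> -> <result>" form (not real output).
SAMPLE_TRACE = r"""
RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__ -> ERROR_FILE_NOT_FOUND
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion -> "VBOX   - 1"
RegOpenKeyExW HKCU\Software\Wine -> ERROR_FILE_NOT_FOUND
RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = 1
NtSetInformationThread ThreadHideFromDebugger (0x11) -> STATUS_SUCCESS
WriteFile C:\Users\Admin\AppData\Local\Temp\helper.dll
WriteFile C:\Users\Admin\AppData\Local\Temp\stage2.exe
LoadLibraryW C:\Users\Admin\AppData\Local\Temp\helper.dll
CreateProcessW C:\Users\Admin\AppData\Local\Temp\stage2.exe
CreateProcessW C:\Windows\System32\cmd.exe
"""

if __name__ == "__main__":
    found = match_trace(SAMPLE_TRACE)
    for name, lines in found.items():
        print(f"{name}: {len(lines)} line(s)")
    for tech, n in attack_summary(found).items():
        print(f"  {tech}: {n}")
```

Note that a process executing cmd.exe (a file it never wrote) triggers nothing, while the same call against a path it dropped earlier does; that ordering dependency is why these two signatures cannot be expressed as a single-line regex.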
MITRE ATT&CK Enterprise v15

Defense Evasion
  Hide Artifacts (T1564): 1
    Hidden Files and Directories (T1564.001): 1
  Modify Registry (T1112): 2
  Virtualization/Sandbox Evasion (T1497): 2