General
Target: file.exe
Size: 2.7MB
Sample: 241122-xcbmfssjeq
MD5: 65650d0918fa25e48b9becb46f001c3f
SHA1: 09b56cc99dd74ccfbf08166023c9be6aa5132970
SHA256: ab0c3f5cfb603911e16064d4d783ed4b44e74242325f073dc49beded13b5944e
SHA512: 7f1d5bf947fa5626fcb7a7420e2795f47240940e6788159fecbce3eeb3c6ab790710103c19d2344f9b37b55fceb52abaef8c4f27aa08e2b043dcd61c292a0a4e
SSDEEP: 24576:+y30Tkdx9BWbymRaItXYLcSq7GEINFIv67JMxwjyRAQEexf/RawVLagIaAJMoNlY:h3FmRaItX2czGeYwAQE6amLqD1qI9
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20241023-en
Malware Config

Targets
Target: file.exe
Size: 2.7MB
MD5: 65650d0918fa25e48b9becb46f001c3f
SHA1: 09b56cc99dd74ccfbf08166023c9be6aa5132970
SHA256: ab0c3f5cfb603911e16064d4d783ed4b44e74242325f073dc49beded13b5944e
SHA512: 7f1d5bf947fa5626fcb7a7420e2795f47240940e6788159fecbce3eeb3c6ab790710103c19d2344f9b37b55fceb52abaef8c4f27aa08e2b043dcd61c292a0a4e
SSDEEP: 24576:+y30Tkdx9BWbymRaItXYLcSq7GEINFIv67JMxwjyRAQEexf/RawVLagIaAJMoNlY:h3FmRaItX2czGeYwAQE6amLqD1qI9
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThread (HideFromDebugger)
MITRE ATT&CK Enterprise v15
Defense Evasion:
- Impair Defenses (2)
- Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)