Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.7MB

  • Sample

    241122-xgtc3awmgv

  • MD5

    65650d0918fa25e48b9becb46f001c3f

  • SHA1

    09b56cc99dd74ccfbf08166023c9be6aa5132970

  • SHA256

    ab0c3f5cfb603911e16064d4d783ed4b44e74242325f073dc49beded13b5944e

  • SHA512

    7f1d5bf947fa5626fcb7a7420e2795f47240940e6788159fecbce3eeb3c6ab790710103c19d2344f9b37b55fceb52abaef8c4f27aa08e2b043dcd61c292a0a4e

  • SSDEEP

    24576:+y30Tkdx9BWbymRaItXYLcSq7GEINFIv67JMxwjyRAQEexf/RawVLagIaAJMoNlY:h3FmRaItX2czGeYwAQE6amLqD1qI9

Score
10/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.7MB

    • MD5

      65650d0918fa25e48b9becb46f001c3f

    • SHA1

      09b56cc99dd74ccfbf08166023c9be6aa5132970

    • SHA256

      ab0c3f5cfb603911e16064d4d783ed4b44e74242325f073dc49beded13b5944e

    • SHA512

      7f1d5bf947fa5626fcb7a7420e2795f47240940e6788159fecbce3eeb3c6ab790710103c19d2344f9b37b55fceb52abaef8c4f27aa08e2b043dcd61c292a0a4e

    • SSDEEP

      24576:+y30Tkdx9BWbymRaItXYLcSq7GEINFIv67JMxwjyRAQEexf/RawVLagIaAJMoNlY:h3FmRaItX2czGeYwAQE6amLqD1qI9

    Score
    10/10
    discoveryevasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks