General

Target: file.exe
Size: 2.7MB
Sample: 241122-yb993atjan
MD5: 739f477149675de9ea6d954bb446ffae
SHA1: aca9016270132680f49490050e36be6b3d890528
SHA256: de661c359365b8b0c0287fdc01881b208744aca0341a21bc271970975bf91307
SHA512: 49fbd92ec2e08daa9bfe3653c14cf346e716c875b9d2593420fb55431b568cf9295d8ee65a98864ef90c1f591550a1cf3a5dea3cb4f285e657723f84712a977d
SSDEEP: 49152:Uel2vJ/sO2P+lvS2VPHcLDEfvpTQFz1EvY:Uel2vNH2P+l62a/rF
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Targets

Target: file.exe
Size: 2.7MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Defense Evasion
- Impair Defenses: 2
  - Disable or Modify Tools: 2
- Modify Registry: 2
- Virtualization/Sandbox Evasion: 2