General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241212-s62zaaymf1
-
MD5
3b8b3018e3283830627249d26305419d
-
SHA1
40fa5ef5594f9e32810c023aba5b6b8cea82f680
-
SHA256
258e444e78225f74d47ba4698d49a33e6d1f6ed1f3f710186be426078e2bf1cb
-
SHA512
2e9a42e53406446b503f150abfa16b994ee34211830d14ccbfbf52d86019dc5cca95c40222e5c6aed910c90988f999560ff972c575f9c207d7834abba6f04aa0
-
SSDEEP
49152:P8nqKzUOChrrWci7WP+g5YQtli9T0n26vwh:PsqJJrrWviPcf6
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
3b8b3018e3283830627249d26305419d
-
SHA1
40fa5ef5594f9e32810c023aba5b6b8cea82f680
-
SHA256
258e444e78225f74d47ba4698d49a33e6d1f6ed1f3f710186be426078e2bf1cb
-
SHA512
2e9a42e53406446b503f150abfa16b994ee34211830d14ccbfbf52d86019dc5cca95c40222e5c6aed910c90988f999560ff972c575f9c207d7834abba6f04aa0
-
SSDEEP
49152:P8nqKzUOChrrWci7WP+g5YQtli9T0n26vwh:PsqJJrrWviPcf6
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2