General
-
Target
vmzeus_3.3.1.0.vir
-
Size
300KB
-
Sample
200719-axbdp6nzd2
-
MD5
c780cfbc40a338933120ec9efd6d6a0a
-
SHA1
63025be073538fbe61af35e70ae22918bfc172e5
-
SHA256
05fe1601534d962e745acf8c0c577a2dbf87be8e62ea6672be043605d5906716
-
SHA512
c35f2cd5be20fa9f82e24cb852d0d10a63df4e5f4aad09456c5fe28b5f5bde432939b1b998201c8bbfbe36d40fe42da2a25517bdc4716eca782a3887d2ec7d4b
Static task
static1
Behavioral task
behavioral1
Sample
vmzeus_3.3.1.0.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
vmzeus_3.3.1.0.vir.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
vmzeus_3.3.1.0.vir
Score
8/10
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-