Overview

overview

9

Static

static

735fd161c8...df.exe

windows7_x64

9

735fd161c8...df.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    735fd161c81fc144eb99d411ab096c6d21a844a8b9747006e9a2bbac729baadf

  • Size

    945KB

  • Sample

    210228-tsm847fmqj

  • MD5

    bbc4ea4288bb2ff094433b18d8468a8d

  • SHA1

    72d8b5810a3b773bf11946061ad90a47a0558826

  • SHA256

    735fd161c81fc144eb99d411ab096c6d21a844a8b9747006e9a2bbac729baadf

  • SHA512

    c69a8a9ca5acea5a50d8ce9fea0e3e8146fcc34c97937ffffc44dc119f30f88db9ccd22c1c79f761d102fe75e220c1dfe2fc8bbcac7cb2ff5b4a70d6a222f006

Score
9/10
evasionupx

Malware Config

Targets

    • Target

      735fd161c81fc144eb99d411ab096c6d21a844a8b9747006e9a2bbac729baadf

    • Size

      945KB

    • MD5

      bbc4ea4288bb2ff094433b18d8468a8d

    • SHA1

      72d8b5810a3b773bf11946061ad90a47a0558826

    • SHA256

      735fd161c81fc144eb99d411ab096c6d21a844a8b9747006e9a2bbac729baadf

    • SHA512

      c69a8a9ca5acea5a50d8ce9fea0e3e8146fcc34c97937ffffc44dc119f30f88db9ccd22c1c79f761d102fe75e220c1dfe2fc8bbcac7cb2ff5b4a70d6a222f006

    Score
    9/10
    evasionupx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks