735fd161c81fc144eb99d411ab096c6d21a844a8b9747006e9a2bbac729baadf

General
Target

735fd161c81fc144eb99d411ab096c6d21a844a8b9747006e9a2bbac729baadf

Size

945KB

Sample

210228-tsm847fmqj

Score

9/10
MD5

bbc4ea4288bb2ff094433b18d8468a8d

SHA1

72d8b5810a3b773bf11946061ad90a47a0558826

SHA256

735fd161c81fc144eb99d411ab096c6d21a844a8b9747006e9a2bbac729baadf

SHA512

c69a8a9ca5acea5a50d8ce9fea0e3e8146fcc34c97937ffffc44dc119f30f88db9ccd22c1c79f761d102fe75e220c1dfe2fc8bbcac7cb2ff5b4a70d6a222f006

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry, Virtualization/Sandbox Evasion

  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Drops startup file

  • Identifies Wine through registry keys
    Description: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
    TTPs: Query Registry, Virtualization/Sandbox Evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection | Command and Control | Credential Access | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

  • static1
  • behavioral1 (score 9/10)
  • behavioral2 (score 9/10)