General

  • Target

    MDE_File_Sample_78813410b8c43ef0de41fbd282331d58aeebfc0b.zip

  • Size

    1.9MB

  • Sample

    211021-m1dfvabadq

  • MD5

    2b563a9f1f47c9d12702817eda527242

  • SHA1

    94eaaea21391c960761403ae8eeff77002608e1d

  • SHA256

    a0f3cd3cfceabc6f146b3b4f58c4541297f0020387d99e6682aee45d56021431

  • SHA512

    0bb2c57fc75a25b6a6a9cc116b63dde9f83f276f4823625e591da1c3c2313f89b8d98be68fe01648b0a34e42f99cebde334f66e437be04170d7eecf59b9643e0

Score
8/10

Malware Config

Targets

    • Target

      3.4.8_42394.exe

    • Size

      1.9MB

    • MD5

      5a44930c53bb377931f93dfe05252fcc

    • SHA1

      78813410b8c43ef0de41fbd282331d58aeebfc0b

    • SHA256

      3552e089115f61e578657136aab87c67b312d8f65bd7ba6c0d50723f3d615a0e

    • SHA512

      b061cd9a9a0dc61adf8c789bb7fb346362feee7080535cadd52b094804c5ac94e10058c900fc14dc7a72db4ab0fdeac1a5801b597477caaa100bd2da41cd0875

    Score
    8/10
    • Blocklisted process makes network request

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

    • Virtualization/Sandbox Evasion (T1497): 1

    • Modify Registry (T1112): 1

Discovery

    • Query Registry (T1012): 1

    • Virtualization/Sandbox Evasion (T1497): 1

    • System Information Discovery (T1082): 1

    • Remote System Discovery (T1018): 1

Tasks