General
-
Target
f3b2d2d16ee2b16fe5c288f9cccb2b2ade13475ed902fda49fdb36493515332e
-
Size
179KB
-
Sample
220128-v2nbfaheg5
-
MD5
68a9d3b8f410f5c7b433fe93502f06a2
-
SHA1
c63943d653718175d26f567ef37cd22f9035e5e6
-
SHA256
f3b2d2d16ee2b16fe5c288f9cccb2b2ade13475ed902fda49fdb36493515332e
-
SHA512
d3c22550d4a7b3ddd1e9e39d6b8b66554d91195fb7183660983b7bad15108f2a7ab309bb52ef34920220966b14af59fdf72cf867ef1f8700f1ed748886e8cb19
Malware Config
Targets
-
-
Target
f3b2d2d16ee2b16fe5c288f9cccb2b2ade13475ed902fda49fdb36493515332e
-
Size
179KB
-
MD5
68a9d3b8f410f5c7b433fe93502f06a2
-
SHA1
c63943d653718175d26f567ef37cd22f9035e5e6
-
SHA256
f3b2d2d16ee2b16fe5c288f9cccb2b2ade13475ed902fda49fdb36493515332e
-
SHA512
d3c22550d4a7b3ddd1e9e39d6b8b66554d91195fb7183660983b7bad15108f2a7ab309bb52ef34920220966b14af59fdf72cf867ef1f8700f1ed748886e8cb19
Score10/10-
Andromut
AndroMut is a downloader written in C++, it was first observed in June 2019.
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-