andromut | f7f6dd56413221111d2755f64b3462e6f56b841647c4358b1e6a066a36667725 | Triage

Sharing

General

Target

f7f6dd56413221111d2755f64b3462e6f56b841647c4358b1e6a066a36667725
Size

161KB
Sample

220128-vy135ahben
MD5

a137d35b1c7c767a5900c5346876cf9b
SHA1

f0a2c194fd791c1248ac6beff9022c6171246710
SHA256

f7f6dd56413221111d2755f64b3462e6f56b841647c4358b1e6a066a36667725
SHA512

97b794b344d9f75eee71dcd004563ebdd1fd73ab47c065bab6521ad717ff5e300dd4fa1271c164727950838f44a9aafe3f570e00dbf1a0f40416e9a24e69aade

Score

10^/10

andromut downloader evasion trojan

Malware Config

Targets

- Target
  
  f7f6dd56413221111d2755f64b3462e6f56b841647c4358b1e6a066a36667725
- Size
  
  161KB
- MD5
  
  a137d35b1c7c767a5900c5346876cf9b
- SHA1
  
  f0a2c194fd791c1248ac6beff9022c6171246710
- SHA256
  
  f7f6dd56413221111d2755f64b3462e6f56b841647c4358b1e6a066a36667725
- SHA512
  
  97b794b344d9f75eee71dcd004563ebdd1fd73ab47c065bab6521ad717ff5e300dd4fa1271c164727950838f44a9aafe3f570e00dbf1a0f40416e9a24e69aade
Score

10^/10

andromut downloader evasion trojan
- Andromut
  AndroMut is a downloader written in C++, it was first observed in June 2019.
  trojan downloader andromut
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

andromutdownloaderevasiontrojan

behavioral2

andromutdownloaderevasiontrojan