General

  • Target

    bb5054f0ec4e6980f65fb9329a0b5acec1ed936053c3ef0938b5fa02a9daf7ee

  • Size

    187KB

  • Sample

    220128-xbktqsafdm

  • MD5

    ca8d09ed7231b32c14128127c55e571e

  • SHA1

    998cb01b909746a9360ed9366d51e57e9f0b82d5

  • SHA256

    bb5054f0ec4e6980f65fb9329a0b5acec1ed936053c3ef0938b5fa02a9daf7ee

  • SHA512

    a3f70ab6aceda290d19d242a20f87f12eb25b19e5d60c6ffa45acd3d53251244ce219378b3d3c03ba4381ecad888f1b3c92b8893819ee3444134f92d0c12ee8e

Malware Config

Targets


    • Andromut

      AndroMut is a downloader written in C++; it was first observed in June 2019.

    • Executes dropped EXE

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 1

  • Discovery

    Query Registry (T1012): 2
    Virtualization/Sandbox Evasion (T1497): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 2

Tasks