General
-
Target
6d92f19c3ee55996b01c5f4cf9db709cb83d99b3a5838481b876ca71e1c7ffb3
-
Size
179KB
-
Sample
220128-y6plvacfgj
-
MD5
34c3c6c91ddda01489f86343449b15dd
-
SHA1
3c354e6ff2784408c628d933e32a15d5c022d305
-
SHA256
6d92f19c3ee55996b01c5f4cf9db709cb83d99b3a5838481b876ca71e1c7ffb3
-
SHA512
41a7f77e135d60f483e064faa09cd148a24e6796daec14861ddeeabf023e483da1d52e5984902c5c9e119cc3397ce1777a08f35ed305dc64aeb71a1514543e12
Malware Config
Targets
-
-
Target
6d92f19c3ee55996b01c5f4cf9db709cb83d99b3a5838481b876ca71e1c7ffb3
-
Size
179KB
-
MD5
34c3c6c91ddda01489f86343449b15dd
-
SHA1
3c354e6ff2784408c628d933e32a15d5c022d305
-
SHA256
6d92f19c3ee55996b01c5f4cf9db709cb83d99b3a5838481b876ca71e1c7ffb3
-
SHA512
41a7f77e135d60f483e064faa09cd148a24e6796daec14861ddeeabf023e483da1d52e5984902c5c9e119cc3397ce1777a08f35ed305dc64aeb71a1514543e12
Score10/10-
Andromut
AndroMut is a downloader written in C++, it was first observed in June 2019.
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-