andromut | 800626880b206896d6057ddf914d13dacaba7849c0499dae43c9a46a8062f448 | Triage

Submit
Reports

Overview

overview

Static

static

800626880b...48.msi

windows7_x64

800626880b...48.msi

windows10_x64

Sharing

General

Target

800626880b206896d6057ddf914d13dacaba7849c0499dae43c9a46a8062f448
Size

216KB
Sample

220128-yqmgjscfa9
MD5

0bff7092fb2836a35f802140ffee8edc
SHA1

bf32f5a6aa02f8d94406fdd14bb919e283af0499
SHA256

800626880b206896d6057ddf914d13dacaba7849c0499dae43c9a46a8062f448
SHA512

939ad07c4b9e0a8524ee9d1c9cc63310477a4e0a37f5527d8934b8d6dda29687dd1ff7bd33ee05be6b36102c667394f6a4a6756eb370c53136c35c928efe0211

Score

10^/10

andromut downloader evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

800626880b206896d6057ddf914d13dacaba7849c0499dae43c9a46a8062f448.msi

Resource

win7-en-20211208

andromut downloader evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

800626880b206896d6057ddf914d13dacaba7849c0499dae43c9a46a8062f448.msi

Resource

win10-en-20211208

andromut downloader evasion trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  800626880b206896d6057ddf914d13dacaba7849c0499dae43c9a46a8062f448
- Size
  
  216KB
- MD5
  
  0bff7092fb2836a35f802140ffee8edc
- SHA1
  
  bf32f5a6aa02f8d94406fdd14bb919e283af0499
- SHA256
  
  800626880b206896d6057ddf914d13dacaba7849c0499dae43c9a46a8062f448
- SHA512
  
  939ad07c4b9e0a8524ee9d1c9cc63310477a4e0a37f5527d8934b8d6dda29687dd1ff7bd33ee05be6b36102c667394f6a4a6756eb370c53136c35c928efe0211
Score

10^/10

andromut downloader evasion trojan
- Andromut
  AndroMut is a downloader written in C++, it was first observed in June 2019.
  trojan downloader andromut
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

andromutdownloaderevasiontrojan

behavioral2

andromutdownloaderevasiontrojan

© 2018-2024

Terms | Privacy