0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793

General

Target:  0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793
Size:    1MB
Sample:  220520-2w7w8abbbj
Score:   7/10
MD5:     67bfea86c243e8501123085e51d7d5e7
SHA1:    af4571a5feb50748b77b849cac71133df7cf39e4
SHA256:  0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793
SHA512:  f4dfbe3c74cc60c56a7a37b38edba000366e0b0830b5b6359652f3f9947268a1258a65449f9c0b85545a90761ae5df21a22041d1ce05a1443c2578329cacf159


Signatures

  • Identifies Wine through registry keys
    Description: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
    TTPs: Query Registry; Virtualization/Sandbox Evasion

  • Checks whether UAC is enabled
    TTPs: System Information Discovery

  • Writes to the Master Boot Record (MBR)
    Description: Bootkits write to the MBR to gain persistence at a level below the operating system.
    TTPs: Bootkit

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral2
7/10