General
-
Target
0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793
-
Size
1.5MB
-
Sample
220520-2w7w8abbbj
-
MD5
67bfea86c243e8501123085e51d7d5e7
-
SHA1
af4571a5feb50748b77b849cac71133df7cf39e4
-
SHA256
0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793
-
SHA512
f4dfbe3c74cc60c56a7a37b38edba000366e0b0830b5b6359652f3f9947268a1258a65449f9c0b85545a90761ae5df21a22041d1ce05a1443c2578329cacf159
Static task
static1
Behavioral task
behavioral1
Sample
0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793
-
Size
1.5MB
-
MD5
67bfea86c243e8501123085e51d7d5e7
-
SHA1
af4571a5feb50748b77b849cac71133df7cf39e4
-
SHA256
0ff33e4cbf2cf3f8093c9f702a6e506766477a8e78ac9125416747215a15c793
-
SHA512
f4dfbe3c74cc60c56a7a37b38edba000366e0b0830b5b6359652f3f9947268a1258a65449f9c0b85545a90761ae5df21a22041d1ce05a1443c2578329cacf159
Score7/10-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-