Overview

overview

9

Static

static

ec1872da64...ec.exe

windows7_x64

9

ec1872da64...ec.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec

  • Size

    2.3MB

  • Sample

    220520-3x1d7shfh3

  • MD5

    b3eb1618be3ac9e533fdcf7187bb962d

  • SHA1

    5746fa762c6ca08f1b07318304be945a6501e223

  • SHA256

    ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec

  • SHA512

    9f68877d2cefdca311e25cb268ce6b11737a6b70b8e4e48725619336f396175dbd8f502f512c08e7c88ef2b6c7d402453d10792b9addf1c97eebd2d213227e33

Score
9/10
evasion

Malware Config

Targets

    • Target

      ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec

    • Size

      2.3MB

    • MD5

      b3eb1618be3ac9e533fdcf7187bb962d

    • SHA1

      5746fa762c6ca08f1b07318304be945a6501e223

    • SHA256

      ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec

    • SHA512

      9f68877d2cefdca311e25cb268ce6b11737a6b70b8e4e48725619336f396175dbd8f502f512c08e7c88ef2b6c7d402453d10792b9addf1c97eebd2d213227e33

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

2
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks