Overview

overview

7

Static

static

559e6c0064...7c.exe

windows7_x64

3

559e6c0064...7c.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    559e6c0064d815a559c55c8e788a2a18d964958613cefc2ae90b4df28435397c

  • Size

    2.2MB

  • Sample

    220708-f4kk1adcb5

  • MD5

    418a031eff24f3356a6ad3027b0b9993

  • SHA1

    5677d050ff4b22bc4f8e3c35b4599038b34fc12e

  • SHA256

    559e6c0064d815a559c55c8e788a2a18d964958613cefc2ae90b4df28435397c

  • SHA512

    67ec0e7a1e54458ea909802dd84febd61189ef53f388b11fd9d99db604bf9acd3cf5b2859de4d8ab5ffcdc5a55395fa3a9f0121846b0ba569d9d0d3459952826

Score
7/10
evasionthemida

Malware Config

Targets

    • Target

      559e6c0064d815a559c55c8e788a2a18d964958613cefc2ae90b4df28435397c

    • Size

      2.2MB

    • MD5

      418a031eff24f3356a6ad3027b0b9993

    • SHA1

      5677d050ff4b22bc4f8e3c35b4599038b34fc12e

    • SHA256

      559e6c0064d815a559c55c8e788a2a18d964958613cefc2ae90b4df28435397c

    • SHA512

      67ec0e7a1e54458ea909802dd84febd61189ef53f388b11fd9d99db604bf9acd3cf5b2859de4d8ab5ffcdc5a55395fa3a9f0121846b0ba569d9d0d3459952826

    Score
    7/10
    evasionthemida

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks