General
Target: c6c82d4d0dbd534c33a38e0bde837cdc7b89e660b7c647cd932cfe6a5635e707
Size: 682KB
Sample: 220919-w6eersceg2
MD5: 3e2b1bf51338777eb78b2faaa3c455cf
SHA1: 699440df0f307902ded0750520afe10a61a6763b
SHA256: c6c82d4d0dbd534c33a38e0bde837cdc7b89e660b7c647cd932cfe6a5635e707
SHA512: cb5a9c4f581cb995499fd98b8dad9f62f63886eb6b61497a7007b6642ea5af7a586a7dd00d5020f3fd832ff60640478b582888e52201c33d9d82eed9d7982701
SSDEEP: 12288:6uAhfBG0zJhVwuAMPS0dFxNtKIr5nvMU3UEzBtp4OS/F1cCUZnwu+5F2+6b7MP+y:6uANk0zquXHNEIr50U5zl4V/F1cRxw/1
Static task: static1
Behavioral task: behavioral1
Sample: c6c82d4d0dbd534c33a38e0bde837cdc7b89e660b7c647cd932cfe6a5635e707.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c6c82d4d0dbd534c33a38e0bde837cdc7b89e660b7c647cd932cfe6a5635e707.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: c6c82d4d0dbd534c33a38e0bde837cdc7b89e660b7c647cd932cfe6a5635e707
Size: 682KB
MD5: 3e2b1bf51338777eb78b2faaa3c455cf
SHA1: 699440df0f307902ded0750520afe10a61a6763b
SHA256: c6c82d4d0dbd534c33a38e0bde837cdc7b89e660b7c647cd932cfe6a5635e707
SHA512: cb5a9c4f581cb995499fd98b8dad9f62f63886eb6b61497a7007b6642ea5af7a586a7dd00d5020f3fd832ff60640478b582888e52201c33d9d82eed9d7982701
SSDEEP: 12288:6uAhfBG0zJhVwuAMPS0dFxNtKIr5nvMU3UEzBtp4OS/F1cCUZnwu+5F2+6b7MP+y:6uANk0zquXHNEIr50U5zl4V/F1cRxw/1
Score: 8/10
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext