54c9f53a6fa86eb1b3e5a78c6eeb6425205f0ba001ba1eba98977ea58b155a97 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54c9f53a6fa86eb1b3e5a78c6eeb6425205f0ba001ba1eba98977ea58b155a97
Size

1.0MB
Sample

221003-ry9hqabdbp
MD5

69666f88afa3c669184b3dcbf3ef4390
SHA1

48a55dd3f1b183efb5fc1865e3b291d888c65b86
SHA256

54c9f53a6fa86eb1b3e5a78c6eeb6425205f0ba001ba1eba98977ea58b155a97
SHA512

07bdf93a040ceea5b59fb888c566f04499b9614226871d735e1ea8ddd2e02a4707fb04fb951890ec42cfe800bdfbc31980e40822cb9d6d06b610e78e45a966d6
SSDEEP

24576:G/lRJ5Sm9GMTA/LLAluUxxNXYcHUxQ+x/Fhey:mr5SUATLAQaRwey

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  54c9f53a6fa86eb1b3e5a78c6eeb6425205f0ba001ba1eba98977ea58b155a97
- Size
  
  1.0MB
- MD5
  
  69666f88afa3c669184b3dcbf3ef4390
- SHA1
  
  48a55dd3f1b183efb5fc1865e3b291d888c65b86
- SHA256
  
  54c9f53a6fa86eb1b3e5a78c6eeb6425205f0ba001ba1eba98977ea58b155a97
- SHA512
  
  07bdf93a040ceea5b59fb888c566f04499b9614226871d735e1ea8ddd2e02a4707fb04fb951890ec42cfe800bdfbc31980e40822cb9d6d06b610e78e45a966d6
- SSDEEP
  
  24576:G/lRJ5Sm9GMTA/LLAluUxxNXYcHUxQ+x/Fhey:mr5SUATLAQaRwey
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2