Overview

overview

8

Static

static

8

222996b4eb...08.exe

windows7-x64

8

222996b4eb...08.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    222996b4ebf9b5616a6471fb0371ded78e6419fab5bda16381a76894fc9fac08

  • Size

    168KB

  • Sample

    221011-ekmqksdggj

  • MD5

    6108c6754c35343f7a46e3c4dd72a590

  • SHA1

    e50ee937dea75aa787f2b3036824bcc7170c7126

  • SHA256

    222996b4ebf9b5616a6471fb0371ded78e6419fab5bda16381a76894fc9fac08

  • SHA512

    9bd1cf6dad21f9b96d9d8e14d7134ad46b70ff66ff4ae72ba0b21981d1af7618da423cbc078e6e0acf075a5b6601074311aaf8b072d2c7dfd08a5a23a40361aa

  • SSDEEP

    3072:+N32J9AG2n0G04oNgnxdPy3riZwyW/DL3Z0nxzqYg392ZNx9pMYOtqn/kjhahdxa:a8an304oOnj0riu//fZETe92fCYOQ/k7

Score
8/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      222996b4ebf9b5616a6471fb0371ded78e6419fab5bda16381a76894fc9fac08

    • Size

      168KB

    • MD5

      6108c6754c35343f7a46e3c4dd72a590

    • SHA1

      e50ee937dea75aa787f2b3036824bcc7170c7126

    • SHA256

      222996b4ebf9b5616a6471fb0371ded78e6419fab5bda16381a76894fc9fac08

    • SHA512

      9bd1cf6dad21f9b96d9d8e14d7134ad46b70ff66ff4ae72ba0b21981d1af7618da423cbc078e6e0acf075a5b6601074311aaf8b072d2c7dfd08a5a23a40361aa

    • SSDEEP

      3072:+N32J9AG2n0G04oNgnxdPy3riZwyW/DL3Z0nxzqYg392ZNx9pMYOtqn/kjhahdxa:a8an304oOnj0riu//fZETe92fCYOQ/k7

    Score
    8/10
    evasionpersistenceupx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks