0f096d1bb369048845a8090a8337342a5847e9c4adee348208a507de24e3f33c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PortableApps.com_Platform_Setup_22.0.1.paf.exe
Size

5.7MB
Sample

221018-3bycqaeah6
MD5

ab0db50b1aab34a4a6865ebe029c53e2
SHA1

a6210c76ea92e7e5944243e09b4bcc678d2539ca
SHA256

0f096d1bb369048845a8090a8337342a5847e9c4adee348208a507de24e3f33c
SHA512

82163de44d4b2f76a6a98cf7dcdc9bf2e74c833245002fe9d89dead6f210791d2774ede53057f4d9af4fbd09e1eb5e3c8790da24533926c93462b5ce53f06360
SSDEEP

98304:MdRefMaptYwCxoBF1Mi9ITd5bU4xep856AsNuHD2DSv:MPapmwMoXl0DBu8sIjUC

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  PortableApps.com_Platform_Setup_22.0.1.paf.exe
- Size
  
  5.7MB
- MD5
  
  ab0db50b1aab34a4a6865ebe029c53e2
- SHA1
  
  a6210c76ea92e7e5944243e09b4bcc678d2539ca
- SHA256
  
  0f096d1bb369048845a8090a8337342a5847e9c4adee348208a507de24e3f33c
- SHA512
  
  82163de44d4b2f76a6a98cf7dcdc9bf2e74c833245002fe9d89dead6f210791d2774ede53057f4d9af4fbd09e1eb5e3c8790da24533926c93462b5ce53f06360
- SSDEEP
  
  98304:MdRefMaptYwCxoBF1Mi9ITd5bU4xep856AsNuHD2DSv:MPapmwMoXl0DBu8sIjUC
Score

8^/10

evasion
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1