18581765a42fe7f8e905a2f295ef889700a9f8725a4968693607c2ba3d0a6458 | Triage

Sharing

General

Target

18581765a42fe7f8e905a2f295ef889700a9f8725a4968693607c2ba3d0a6458
Size

560KB
Sample

221030-qq8qsacea7
MD5

54f468369a1e72a92c4aed914f0302c0
SHA1

3f336242550e509e2e92334ac61e060f6d04f94c
SHA256

18581765a42fe7f8e905a2f295ef889700a9f8725a4968693607c2ba3d0a6458
SHA512

4cb915de49b2508870721b4d237244619417b7f3c466281f4a088c81c2acef94cce88852acebf22135206a4ada2573f468deae0d947e28fadedc032575c3fb58
SSDEEP

12288:fEbZYT6f3sghHIaeBXtoHl95uGVQFW+FO4ugsqUC:uY+ZunXtIbyFsC

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  18581765a42fe7f8e905a2f295ef889700a9f8725a4968693607c2ba3d0a6458
- Size
  
  560KB
- MD5
  
  54f468369a1e72a92c4aed914f0302c0
- SHA1
  
  3f336242550e509e2e92334ac61e060f6d04f94c
- SHA256
  
  18581765a42fe7f8e905a2f295ef889700a9f8725a4968693607c2ba3d0a6458
- SHA512
  
  4cb915de49b2508870721b4d237244619417b7f3c466281f4a088c81c2acef94cce88852acebf22135206a4ada2573f468deae0d947e28fadedc032575c3fb58
- SSDEEP
  
  12288:fEbZYT6f3sghHIaeBXtoHl95uGVQFW+FO4ugsqUC:uY+ZunXtIbyFsC
Score

8^/10

evasion
- Blocklisted process makes network request
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2