97065f6e95349a8d708967e98786d58a294240be5b245bac8c03e049e8a6957e | Triage

Sharing

General

Target

97065f6e95349a8d708967e98786d58a294240be5b245bac8c03e049e8a6957e
Size

881KB
Sample

221030-s2n7mahdbq
MD5

819cdb4ca01762e5911433e9089612c0
SHA1

52502551c3aa53489f5dc5b10008f6287201159c
SHA256

97065f6e95349a8d708967e98786d58a294240be5b245bac8c03e049e8a6957e
SHA512

55f6ccc14a6e0d2001dda6e748bed61f7a24efa66919a3cf122f20e27aaee3d6594084cc3c75accbdb5d1732b8b4112a390ce3ecc3ecddf6b47f15a1b12d3a03
SSDEEP

12288:t9NWCNX8CfYUW2SSPALm6KEj+YYiASpUQlzuQqiuOf5zpzoGxQNVb4Ky7Gd4LmrP:t9MCwX2Se6K5jSpFlaiu2hhx0pmLmnj

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  97065f6e95349a8d708967e98786d58a294240be5b245bac8c03e049e8a6957e
- Size
  
  881KB
- MD5
  
  819cdb4ca01762e5911433e9089612c0
- SHA1
  
  52502551c3aa53489f5dc5b10008f6287201159c
- SHA256
  
  97065f6e95349a8d708967e98786d58a294240be5b245bac8c03e049e8a6957e
- SHA512
  
  55f6ccc14a6e0d2001dda6e748bed61f7a24efa66919a3cf122f20e27aaee3d6594084cc3c75accbdb5d1732b8b4112a390ce3ecc3ecddf6b47f15a1b12d3a03
- SSDEEP
  
  12288:t9NWCNX8CfYUW2SSPALm6KEj+YYiASpUQlzuQqiuOf5zpzoGxQNVb4Ky7Gd4LmrP:t9MCwX2Se6K5jSpFlaiu2hhx0pmLmnj
Score

9^/10

evasion persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence