55158c733090bc56f7cad292cee570b704416282063414bb258a7d78d71bd4f0 | Triage

Sharing

General

Target

55158c733090bc56f7cad292cee570b704416282063414bb258a7d78d71bd4f0
Size

210KB
Sample

221123-rl6ajagh86
MD5

c520fcd1769620b61125ae6df2ccaabf
SHA1

eb435d105d0f3ccb889cf8cae993861263eb7643
SHA256

55158c733090bc56f7cad292cee570b704416282063414bb258a7d78d71bd4f0
SHA512

253af4180c7535e96e40ff289e899efec23522718b4a90362cc45cb8a3a737bc999184c3a1c8ba3fd2d125517d148ba5976c04d7461bfa4d1270fb75dd75da31
SSDEEP

3072:kIM0v/eJvCeXoBapseh8hqyU4lamrIJDN:kI7Jo8cyU4ldrIR

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  55158c733090bc56f7cad292cee570b704416282063414bb258a7d78d71bd4f0
- Size
  
  210KB
- MD5
  
  c520fcd1769620b61125ae6df2ccaabf
- SHA1
  
  eb435d105d0f3ccb889cf8cae993861263eb7643
- SHA256
  
  55158c733090bc56f7cad292cee570b704416282063414bb258a7d78d71bd4f0
- SHA512
  
  253af4180c7535e96e40ff289e899efec23522718b4a90362cc45cb8a3a737bc999184c3a1c8ba3fd2d125517d148ba5976c04d7461bfa4d1270fb75dd75da31
- SSDEEP
  
  3072:kIM0v/eJvCeXoBapseh8hqyU4lamrIJDN:kI7Jo8cyU4ldrIR
Score

8^/10

evasion persistence
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2