Overview

overview

7

Static

static

7

0bcca057b9...0d.exe

windows7-x64

7

0bcca057b9...0d.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0bcca057b966710f6339c74631c7d20f8766249ad7cc5b19892b510225c6540d

  • Size

    1.1MB

  • Sample

    221127-pkt5rsga59

  • MD5

    d24a38ab1a6ea3835d9b80e0a45ddada

  • SHA1

    e4b541c90fce0c625485f0ee74aebb158d066965

  • SHA256

    0bcca057b966710f6339c74631c7d20f8766249ad7cc5b19892b510225c6540d

  • SHA512

    c4097d49928ed72aee198f4b66923bebcc6acb7e1b7bfb2870290864623087efc4096dd77d4933b19f782f99f8fd5f8ca714441f66fa3619267b3b2ca52b80e2

  • SSDEEP

    24576:rSoWi7OLV9dHYcCCBt6iYzOYito5rtd/ZIo7TwPOqIbHYANi8CVHik1:rf0LVXH3vtPbYoqZIo3wPOt9NifVCk

Score
7/10
evasionthemida

Malware Config

Targets

    • Target

      0bcca057b966710f6339c74631c7d20f8766249ad7cc5b19892b510225c6540d

    • Size

      1.1MB

    • MD5

      d24a38ab1a6ea3835d9b80e0a45ddada

    • SHA1

      e4b541c90fce0c625485f0ee74aebb158d066965

    • SHA256

      0bcca057b966710f6339c74631c7d20f8766249ad7cc5b19892b510225c6540d

    • SHA512

      c4097d49928ed72aee198f4b66923bebcc6acb7e1b7bfb2870290864623087efc4096dd77d4933b19f782f99f8fd5f8ca714441f66fa3619267b3b2ca52b80e2

    • SSDEEP

      24576:rSoWi7OLV9dHYcCCBt6iYzOYito5rtd/ZIo7TwPOqIbHYANi8CVHik1:rf0LVXH3vtPbYoqZIo3wPOt9NifVCk

    Score
    7/10
    evasionthemida

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks