8089b10f01a4d7e3307fa9004ce1367711ecdc61d5ec1a68c28343c716db0f24 | Triage

Sharing

General

Target

8089b10f01a4d7e3307fa9004ce1367711ecdc61d5ec1a68c28343c716db0f24
Size

2.7MB
Sample

221129-hvslcsff23
MD5

b4b0ccc21da8a04a181e58355d98ac85
SHA1

324b79c75a4511943826a49cad4123f507fadd30
SHA256

8089b10f01a4d7e3307fa9004ce1367711ecdc61d5ec1a68c28343c716db0f24
SHA512

d0338379f3fc1a36c1502ff1fab6f37d93ef9e14c008ce1b2e6b737f69755b67af7eaf8f3d79a02ca8191026da6ac87c9410fb926ba73a817dbfa2dc97f37776
SSDEEP

49152:7YzEQgzGC7YsCD3S7+N7qOGvCmUuJ/snrv8Eh3imXQSr8Rj/6efEwWWmnQZ:8zEQgzWsCD3SeqOYUuJEnj8Cimrgjye9

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  8089b10f01a4d7e3307fa9004ce1367711ecdc61d5ec1a68c28343c716db0f24
- Size
  
  2.7MB
- MD5
  
  b4b0ccc21da8a04a181e58355d98ac85
- SHA1
  
  324b79c75a4511943826a49cad4123f507fadd30
- SHA256
  
  8089b10f01a4d7e3307fa9004ce1367711ecdc61d5ec1a68c28343c716db0f24
- SHA512
  
  d0338379f3fc1a36c1502ff1fab6f37d93ef9e14c008ce1b2e6b737f69755b67af7eaf8f3d79a02ca8191026da6ac87c9410fb926ba73a817dbfa2dc97f37776
- SSDEEP
  
  49152:7YzEQgzGC7YsCD3S7+N7qOGvCmUuJ/snrv8Eh3imXQSr8Rj/6efEwWWmnQZ:8zEQgzWsCD3SeqOYUuJEnj8Cimrgjye9
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2