General

  • Target

    8eaaca3f5861d92d5d7bc8d9b223aa66ca2028df574d9f5c7b24622f61b73ccc

  • Size

    680KB

  • Sample

    221129-spspaaec7z

  • MD5

    1a4e393b83e0b2e028234511a65bf1e2

  • SHA1

    542294847ff7cd498c059cb4dabbc97ba298c77e

  • SHA256

    8eaaca3f5861d92d5d7bc8d9b223aa66ca2028df574d9f5c7b24622f61b73ccc

  • SHA512

    3884b9759396718b4384163c619e0864f7ccc1c0cafe9979d15533d94efbf334ce4a1750a66f2123d0c1ba4632c1a77c03da4536a10c15e50ee759e7b4fcf70d

  • SSDEEP

    12288:eN+V7pFV/WfwMGW9ptkUWzqtf+6P8ycbro/rENe3YRJwj6QKqsHj5Z0fd+do:J9HuBr9ptkUWzqt/UoYAYAZKPHngdY

Malware Config

Targets

    • Target

      8eaaca3f5861d92d5d7bc8d9b223aa66ca2028df574d9f5c7b24622f61b73ccc

    • Size

      680KB

    • MD5

      1a4e393b83e0b2e028234511a65bf1e2

    • SHA1

      542294847ff7cd498c059cb4dabbc97ba298c77e

    • SHA256

      8eaaca3f5861d92d5d7bc8d9b223aa66ca2028df574d9f5c7b24622f61b73ccc

    • SHA512

      3884b9759396718b4384163c619e0864f7ccc1c0cafe9979d15533d94efbf334ce4a1750a66f2123d0c1ba4632c1a77c03da4536a10c15e50ee759e7b4fcf70d

    • SSDEEP

      12288:eN+V7pFV/WfwMGW9ptkUWzqtf+6P8ycbro/rENe3YRJwj6QKqsHj5Z0fd+do:J9HuBr9ptkUWzqt/UoYAYAZKPHngdY

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

  Tactic           Technique                            Count  ID
  Persistence      Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion  Virtualization/Sandbox Evasion       1      T1497
  Defense Evasion  Modify Registry                      1      T1112
  Discovery        Query Registry                       1      T1012
  Discovery        Virtualization/Sandbox Evasion       1      T1497
  Discovery        System Information Discovery         1      T1082

Tasks