ada0fc488c85f1396f518066b86924bba6df96338e70df2dd7cdf4a2ec72c350 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ada0fc488c85f1396f518066b86924bba6df96338e70df2dd7cdf4a2ec72c350
Size

1.7MB
Sample

221205-k4k9rahh7v
MD5

d5ffaccd3c579f5ddcc093d0bc52d0c6
SHA1

e161ffda4dadb6d34ee23e52543f1dcda3aecbd8
SHA256

ada0fc488c85f1396f518066b86924bba6df96338e70df2dd7cdf4a2ec72c350
SHA512

306707f0322d8c539c2bd58dcb1e9e007699f07a4a9d92f274195170570e6bb9b753a27ffa2bca772b6413f3f2e6af0288f321f00ba29c8c9a980d25d190f62b
SSDEEP

24576:vL1/1vV9ePKRyJ7JPnwMLOuAGXKJcmJv0nQb0vQNl1YSbW6iy3cfj5/EU/scSgrZ:vLjOszv91uRJqkDWomN9EFVuf0

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  ada0fc488c85f1396f518066b86924bba6df96338e70df2dd7cdf4a2ec72c350
- Size
  
  1.7MB
- MD5
  
  d5ffaccd3c579f5ddcc093d0bc52d0c6
- SHA1
  
  e161ffda4dadb6d34ee23e52543f1dcda3aecbd8
- SHA256
  
  ada0fc488c85f1396f518066b86924bba6df96338e70df2dd7cdf4a2ec72c350
- SHA512
  
  306707f0322d8c539c2bd58dcb1e9e007699f07a4a9d92f274195170570e6bb9b753a27ffa2bca772b6413f3f2e6af0288f321f00ba29c8c9a980d25d190f62b
- SSDEEP
  
  24576:vL1/1vV9ePKRyJ7JPnwMLOuAGXKJcmJv0nQb0vQNl1YSbW6iy3cfj5/EU/scSgrZ:vLjOszv91uRJqkDWomN9EFVuf0
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2