acf11346fb02e091f63bc2c9bedc1302143da4e37747bb53766ce7d95fcc0f7b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acf11346fb02e091f63bc2c9bedc1302143da4e37747bb53766ce7d95fcc0f7b
Size

2.5MB
Sample

221205-k7j6vsac3t
MD5

80ffebdbce1d3c11a9c9c475f9e03ea4
SHA1

c399e387710cbf085a34d51f4fe22098b5bbaa83
SHA256

acf11346fb02e091f63bc2c9bedc1302143da4e37747bb53766ce7d95fcc0f7b
SHA512

522c5245107f9e060895111f5d58f86d61f9bff9a1bdd14e399164159835da7cec53adaf5b4dea558ff64f1cd777ec45a8a1c785973f4db1627b8bd9117b7645
SSDEEP

49152:iDEZLy4qax63ETkvm9JQnA5ZWogiK/Pdp9/+XnvuSfuZvsHP15f4rAL1Yh6tpy:Kgy4q60m9AA54oPmdz+XvuSfE0HkALH6

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  acf11346fb02e091f63bc2c9bedc1302143da4e37747bb53766ce7d95fcc0f7b
- Size
  
  2.5MB
- MD5
  
  80ffebdbce1d3c11a9c9c475f9e03ea4
- SHA1
  
  c399e387710cbf085a34d51f4fe22098b5bbaa83
- SHA256
  
  acf11346fb02e091f63bc2c9bedc1302143da4e37747bb53766ce7d95fcc0f7b
- SHA512
  
  522c5245107f9e060895111f5d58f86d61f9bff9a1bdd14e399164159835da7cec53adaf5b4dea558ff64f1cd777ec45a8a1c785973f4db1627b8bd9117b7645
- SSDEEP
  
  49152:iDEZLy4qax63ETkvm9JQnA5ZWogiK/Pdp9/+XnvuSfuZvsHP15f4rAL1Yh6tpy:Kgy4q60m9AA54oPmdz+XvuSfE0HkALH6
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2