a1140ac3a8fdc5948d283d45d2493d6575d197686b7ebd04e7cf9b47195b90d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1140ac3a8fdc5948d283d45d2493d6575d197686b7ebd04e7cf9b47195b90d5
Size

2.9MB
Sample

221205-mmvszafa2v
MD5

ff030be7bc3d09b3d526dac1fce97c7c
SHA1

a12d429180e268628227d1f9cbfc9165df18ca13
SHA256

a1140ac3a8fdc5948d283d45d2493d6575d197686b7ebd04e7cf9b47195b90d5
SHA512

10bb8751c22bb590713dd10607580aba58c4a665d4b46c42429c10699b292c5d2a7aa7a0b1bc4787bbfddf6411aea41f81efdd7ba068afd2f679ef1d30e85138
SSDEEP

49152:g/aXz9AAIq648f25BsnsSptBI5JLF/CxlJobpiv2R0ZOBv8mRinyvh:g/aXz9ARqyOynsSptBI/F6xlkiv2R0ZG

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  a1140ac3a8fdc5948d283d45d2493d6575d197686b7ebd04e7cf9b47195b90d5
- Size
  
  2.9MB
- MD5
  
  ff030be7bc3d09b3d526dac1fce97c7c
- SHA1
  
  a12d429180e268628227d1f9cbfc9165df18ca13
- SHA256
  
  a1140ac3a8fdc5948d283d45d2493d6575d197686b7ebd04e7cf9b47195b90d5
- SHA512
  
  10bb8751c22bb590713dd10607580aba58c4a665d4b46c42429c10699b292c5d2a7aa7a0b1bc4787bbfddf6411aea41f81efdd7ba068afd2f679ef1d30e85138
- SSDEEP
  
  49152:g/aXz9AAIq648f25BsnsSptBI5JLF/CxlJobpiv2R0ZOBv8mRinyvh:g/aXz9ARqyOynsSptBI/F6xlkiv2R0ZG
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2