ed721765e99a654c70dd7dfd7a94b0b958c1bc21300aa5da7f3e076584f6388f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed721765e99a654c70dd7dfd7a94b0b958c1bc21300aa5da7f3e076584f6388f
Size

2.8MB
Sample

221206-rcw1hadg72
MD5

cc1c27c342b148e174501a9da801c451
SHA1

c95874b72d5aacb853ce2c2a0eda6dcaa14d0687
SHA256

ed721765e99a654c70dd7dfd7a94b0b958c1bc21300aa5da7f3e076584f6388f
SHA512

08705bcd3e78614a9705cb7529a4b0bb97ce98456f5ada1b87bf85613340e331f0fa237b89084d31c41d61256c48c2f3d0753bdee50787d5fd60988d4027d982
SSDEEP

49152:fcMXfJZWK2SMhNTYqjMIWWTyHQFvt345qh7J8QPrL7v4CuxN:f/hIVfhdYqoIW0vGMuwrL7gd

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  ed721765e99a654c70dd7dfd7a94b0b958c1bc21300aa5da7f3e076584f6388f
- Size
  
  2.8MB
- MD5
  
  cc1c27c342b148e174501a9da801c451
- SHA1
  
  c95874b72d5aacb853ce2c2a0eda6dcaa14d0687
- SHA256
  
  ed721765e99a654c70dd7dfd7a94b0b958c1bc21300aa5da7f3e076584f6388f
- SHA512
  
  08705bcd3e78614a9705cb7529a4b0bb97ce98456f5ada1b87bf85613340e331f0fa237b89084d31c41d61256c48c2f3d0753bdee50787d5fd60988d4027d982
- SSDEEP
  
  49152:fcMXfJZWK2SMhNTYqjMIWWTyHQFvt345qh7J8QPrL7v4CuxN:f/hIVfhdYqoIW0vGMuwrL7gd
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2