96968d09ca53333fc1b6b24cefc437776796d33b61d56038f272feb9e038af7c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96968d09ca53333fc1b6b24cefc437776796d33b61d56038f272feb9e038af7c
Size

1.9MB
Sample

230103-e6l16shg29
MD5

7df696f97ca581a492632dcb9e035a09
SHA1

65c0a141893b6760496db00dd0c9643c306bf2b7
SHA256

96968d09ca53333fc1b6b24cefc437776796d33b61d56038f272feb9e038af7c
SHA512

15654373d11f4cd7a516599ac9dcbf76d6d4f84d549f8d4af21a9f3bb06cc04387226e94b75b143f0745bf0d519843e492a9ad3bb75285d281377f62e0f7ff34
SSDEEP

49152:jBdMEMukXKjetGeErpprX3xaQmIEaly7ziPhD:jB2EMukXKjeIpr3h4feB

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  96968d09ca53333fc1b6b24cefc437776796d33b61d56038f272feb9e038af7c
- Size
  
  1.9MB
- MD5
  
  7df696f97ca581a492632dcb9e035a09
- SHA1
  
  65c0a141893b6760496db00dd0c9643c306bf2b7
- SHA256
  
  96968d09ca53333fc1b6b24cefc437776796d33b61d56038f272feb9e038af7c
- SHA512
  
  15654373d11f4cd7a516599ac9dcbf76d6d4f84d549f8d4af21a9f3bb06cc04387226e94b75b143f0745bf0d519843e492a9ad3bb75285d281377f62e0f7ff34
- SSDEEP
  
  49152:jBdMEMukXKjetGeErpprX3xaQmIEaly7ziPhD:jB2EMukXKjeIpr3h4feB
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2