f0bfc546575a950f980262dee518bb987e163687cce8ca494ca440cce9c69a1c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OServerSrv.exe
Size

4.6MB
Sample

230529-pdmgcabf88
MD5

1ab51c4940ac93c6bb72a436b7430241
SHA1

c7f18862a75ead7de28f1afc8ef5d62589fcd64d
SHA256

f0bfc546575a950f980262dee518bb987e163687cce8ca494ca440cce9c69a1c
SHA512

7abc21b757c719b9ed8959b3821dc36a7632ee3efb80f92a2737b276e51b4c268453b483b3ceb9d7983231b0cbaab3b3dd7fae9e21fec4f725b041f736719e7e
SSDEEP

98304:6W6ZdNmk/ezmCJ4ar77/4YrJ3DTaNbgfp/HTtRngceKrdPiW4d00hAdfRem1sGn:t0mac440Y1zmN2pbnetZQdJ7uU

Score

7^/10

evasion

Malware Config

Targets

- Target
  
  Device/HarddiskVolume3/_Install/Uti/Xenia/OServerSrv.exe
- Size
  
  5.4MB
- MD5
  
  6aa5b9a65ec5c4dc91c6cef5077e5cf2
- SHA1
  
  ed351959488aaf2d38c31b78565df9b4503fe260
- SHA256
  
  f480879873ce1dcbb63966a32eacdef5db72fc7a57147b82b8b6f0a27f9e480d
- SHA512
  
  88f617195b29995da90e4f36de826d97f1e5cbd06c469ac8d1587844e719d63bcc1a8d118b4023eb8a40ae94fdb03fdc93f8c0fa507813b74f775598d4197c42
- SSDEEP
  
  98304:ePFgvalFeB8qT/gWa2Zuq6W6KhxLAZqpauyB/HBua5qZK1kZGkx:8L4BTDVTZurUDUZOauyxcaWJYI
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2