9f05914ea6cced1deeb296846bfdd0319da103339813951609dab21e7ced4904 | Triage

Sharing

General

Target

3e60494e91b81722bf9a677e752a047f
Size

896KB
Sample

240102-s8y1eabga2
MD5

3e60494e91b81722bf9a677e752a047f
SHA1

5affb25c8e9502bc24c0d8191b74c218d088de43
SHA256

9f05914ea6cced1deeb296846bfdd0319da103339813951609dab21e7ced4904
SHA512

ea717177a0bd207a7fd41b7562c195d57c2468116a261b064aa231971923fd52764f9908179a56a51cf9e9c3295a63bb8621613df46697cc51d08fd0449e5135
SSDEEP

24576:n8PBtpz7Vu9hl8mLc6QDVIfMa2xHha4vQy0xmPz/:n8PBTzmDLc/DSGa430xmPz/

Score

7^/10

evasion

Malware Config

Targets

- Target
  
  KBE2SLK.exe
- Size
  
  925KB
- MD5
  
  b8df5209815c9c44f9dd31838935c286
- SHA1
  
  934328477b27fccb5b86be678d7ae1688c61c835
- SHA256
  
  1cfef8d20f582d5eb10b652036293eed24d7672ec4ec89263bab65bd91a4f382
- SHA512
  
  9239369837e275923af59e683d07efadb821119aa3038d1d0d263ef6413d2a1ac290d012e679b13cc2484a3a07efcf04f6a4fc497c12e3d756bfeb5b25e51bd1
- SSDEEP
  
  12288:kelOqMds1R6CNROVZC7/U0PLyL2wJ/jtKUVnK8dB3KfncHsQjeZpYXkj3FGNij85:kelVT5NArC7/pzyLThfoaoZXF8COViW
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2