3ec441b6dc306bdfa2a098d7949764cd3d450805709c9c1320ceb946913ddf92 | Triage

Sharing

General

Target

3ec4c125ad1867ba2d650c27f419431a
Size

760KB
Sample

240103-rpdppaedgq
MD5

3ec4c125ad1867ba2d650c27f419431a
SHA1

6382c40223b5bfa7435a9b3ca252c4895de10653
SHA256

3ec441b6dc306bdfa2a098d7949764cd3d450805709c9c1320ceb946913ddf92
SHA512

f0eb5e6ea336a7b1490331c76feaa9540e5e99ee861023d956d2ba6b064b2978b5c974428b27155c71b87cae8284058d81b7a683cb849263697b06a9e90f7b3c
SSDEEP

12288:A2kuz7Qlal4ZGqepNwSY3boS6vY2L1uYcU1VPbKNmz3IUrQYHvHnulo:AQYaXNpNwR3bopg2L1XONmPEXo

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  WinLockDLL.dll
- Size
  
  771KB
- MD5
  
  efcf37a1d1a3316d8b69955d2e8088d6
- SHA1
  
  5b5261f487c2c54220a454297c163246c1fa4c58
- SHA256
  
  813459d87bf76c4c1162f8a5ae9281cf68bfa667de09798dcef97f31235fc890
- SHA512
  
  f512315f0fadad5deefa0e137cdced246f82b59d788a8e0d1c798cadfa70cff0d78611e904d89f328d014b72ad1db02023b8d3b76e6d9a5adfe6bd4754c1f37d
- SSDEEP
  
  24576:0/7/SfyU+BmVkbxENDetsMSYtcHNT66S/:nfyskbxPHSBHN26S/
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2