Overview

overview

7

Static

static

7

404ce8c523...a1.exe

windows7-x64

7

404ce8c523...a1.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    404ce8c52393b61b5b86eee1e4ab8ba1

  • Size

    1.4MB

  • Sample

    240104-jnw6msbeck

  • MD5

    404ce8c52393b61b5b86eee1e4ab8ba1

  • SHA1

    eadbd548af03450939699dd55dc9384bd0a0e436

  • SHA256

    260ee615771952413d691e08fb24f8ee762834e859de681fcc3dc3be9f596a42

  • SHA512

    bba08304fc4f36f6a17bc8ebca0244fc6b7e821b44912f8c53f76f4f7ddc671dcb948213819e4f02ea7fcd4409ca2d5333984b58b8311ea4853f09148a0246e7

  • SSDEEP

    24576:15oGEXLkgGx8pybaN52u8gfVHT2TgDA3cXPkzJUJf+o7eHWnkeWOHq7:AGYBg8pymNxpKsD+cXMVU4FHWnkez

Score
7/10
evasionpersistencethemida

Malware Config

Targets

    • Target

      404ce8c52393b61b5b86eee1e4ab8ba1

    • Size

      1.4MB

    • MD5

      404ce8c52393b61b5b86eee1e4ab8ba1

    • SHA1

      eadbd548af03450939699dd55dc9384bd0a0e436

    • SHA256

      260ee615771952413d691e08fb24f8ee762834e859de681fcc3dc3be9f596a42

    • SHA512

      bba08304fc4f36f6a17bc8ebca0244fc6b7e821b44912f8c53f76f4f7ddc671dcb948213819e4f02ea7fcd4409ca2d5333984b58b8311ea4853f09148a0246e7

    • SSDEEP

      24576:15oGEXLkgGx8pybaN52u8gfVHT2TgDA3cXPkzJUJf+o7eHWnkeWOHq7:AGYBg8pymNxpKsD+cXMVU4FHWnkez

    Score
    7/10
    evasionpersistencethemida

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks