Overview

overview

7

Static

static

3

TLSBZ/Tlsbzdll.dll

windows7-x64

7

TLSBZ/Tlsbzdll.dll

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43c9ffb335203ec1f60e1ac8ba88e1ef

  • Size

    1.0MB

  • Sample

    240105-qmt38acghj

  • MD5

    43c9ffb335203ec1f60e1ac8ba88e1ef

  • SHA1

    c191b5fa165481d2de1b2d4270569e9f5f0e6e85

  • SHA256

    2903dcf58fe4135579893ae078d23cb67c48a0227ae0f1f084f5b2b6031fc83a

  • SHA512

    8e227534b80c4556d944408d5588f13f659308fa862f67b99b89206906cfa153da891e58c41394ff5dc054183245c1891f6fb6789c89ecf07253b7a79dc6e0f6

  • SSDEEP

    24576:w3U7Rtf7FVts3K1+2cpTB4mV01iAIB0oS3EYmK/tai:l7xDI2mi1iAUW3EU/t1

Score
7/10
evasion

Malware Config

Targets

    • Target

      TLSBZ/Tlsbzdll.dll

    • Size

      764KB

    • MD5

      fd5d4af1e94717c261caa2220e728db4

    • SHA1

      9c43a2fd2404b21517b3e7c5b0477b2f7ce60dba

    • SHA256

      082797f702bc4fc705327a815cbb18dc8ed56bd424e2bd468bce44e8b4b6ae4a

    • SHA512

      ce7b5bea6c8b94582fbc95c011e2ef08d9bd49a7297aed491a4bd9d1d9889bab563d15e08ccac374c5951143279d8893f6afb3272590ed038a2f415b278c4dbc

    • SSDEEP

      12288:pzEzgy3Y/44Y2PRkQ9+7HfZNWJfocrBPWsp4sY88LozPzSj7XCOozRa:FAs44cffZkJfocXNV8CSj7SO

    Score
    7/10
    evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks