6ceb7d3a5b41497617086b40c6458413bf51869c83118d0c085b820d074b6667 | Triage

Sharing

General

Target

7a5adf2c1b41a1c4658cf8f36409df19
Size

656KB
Sample

240127-qkkrrsegaq
MD5

7a5adf2c1b41a1c4658cf8f36409df19
SHA1

14234b5e1735f458352dd226ce03deb0ba674cd8
SHA256

6ceb7d3a5b41497617086b40c6458413bf51869c83118d0c085b820d074b6667
SHA512

c87cd4d625fcdb88b07873ba1c421d5131f933bc5bc8bb873386d10c24dcf03e7755e1c2382ac2c4b91587da28e0857009b516326cef576e7aa33680fc4e75c2
SSDEEP

12288:7RIh6w/Q2t82x4BIf1I3wAxFOVmkGUK4WcK7GwnEPJX2o8Nxb6:DSvt82xfI3w0To8N56

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  7a5adf2c1b41a1c4658cf8f36409df19
- Size
  
  656KB
- MD5
  
  7a5adf2c1b41a1c4658cf8f36409df19
- SHA1
  
  14234b5e1735f458352dd226ce03deb0ba674cd8
- SHA256
  
  6ceb7d3a5b41497617086b40c6458413bf51869c83118d0c085b820d074b6667
- SHA512
  
  c87cd4d625fcdb88b07873ba1c421d5131f933bc5bc8bb873386d10c24dcf03e7755e1c2382ac2c4b91587da28e0857009b516326cef576e7aa33680fc4e75c2
- SSDEEP
  
  12288:7RIh6w/Q2t82x4BIf1I3wAxFOVmkGUK4WcK7GwnEPJX2o8Nxb6:DSvt82xfI3w0To8N56
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2