060b1eaceddf4370b8a2112d0b9d98d44ea34b28eea95615d79c330e6d09b64d | Triage

Sharing

General

Target

7a6576a7f18af79285fad2f63e92fd80
Size

666KB
Sample

240127-qx66jafbbm
MD5

7a6576a7f18af79285fad2f63e92fd80
SHA1

4c082430484ce460196e2eb969881863a6855fcf
SHA256

060b1eaceddf4370b8a2112d0b9d98d44ea34b28eea95615d79c330e6d09b64d
SHA512

a27f52c4c05fba7e9bdfeedaa459c042182075c5fda7a9061d9c6d94f91c8dfa72954ec679924dd795c7b2c85363d09e46411f71a2d5e9d57e499e4149e969b1
SSDEEP

12288:dRbvSdrNOEJnArF3J6AmmimkzCFt6dxaVjUo6gucy0m7g0Tk0kBV5UOTyYN5z1Aw:dRbvulngNJDmmiJGFt6dq7hm7g0TkLVl

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  7a6576a7f18af79285fad2f63e92fd80
- Size
  
  666KB
- MD5
  
  7a6576a7f18af79285fad2f63e92fd80
- SHA1
  
  4c082430484ce460196e2eb969881863a6855fcf
- SHA256
  
  060b1eaceddf4370b8a2112d0b9d98d44ea34b28eea95615d79c330e6d09b64d
- SHA512
  
  a27f52c4c05fba7e9bdfeedaa459c042182075c5fda7a9061d9c6d94f91c8dfa72954ec679924dd795c7b2c85363d09e46411f71a2d5e9d57e499e4149e969b1
- SSDEEP
  
  12288:dRbvSdrNOEJnArF3J6AmmimkzCFt6dxaVjUo6gucy0m7g0Tk0kBV5UOTyYN5z1Aw:dRbvulngNJDmmiJGFt6dq7hm7g0TkLVl
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2