General
-
Target
b1e3fbbb8813acc2b9daeb1c78469f30
-
Size
837KB
-
Sample
240304-mfdk4sgh93
-
MD5
b1e3fbbb8813acc2b9daeb1c78469f30
-
SHA1
258f626b93291317117c1959684e5930d3ad625f
-
SHA256
713144aa689863bfb8a36e05933bc3e49283d2ec7a95063f304edde93d35e379
-
SHA512
b7148e2c0c016510dce33b0284e76fa1b92de9bddfb409fbb35c6b86b3919a17a9436f03034ad6bc5fdc75f76a17c337ca2acd310809f06c9795e8eaac63fca3
-
SSDEEP
24576:x/Jq49kTXVType+AvDsvmW/8rgIysIYkr55HR8:XncXVType+AvDs/1IZkr5j8
Static task
static1
Behavioral task
behavioral1
Sample
b1e3fbbb8813acc2b9daeb1c78469f30.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b1e3fbbb8813acc2b9daeb1c78469f30.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
b1e3fbbb8813acc2b9daeb1c78469f30
-
Size
837KB
-
MD5
b1e3fbbb8813acc2b9daeb1c78469f30
-
SHA1
258f626b93291317117c1959684e5930d3ad625f
-
SHA256
713144aa689863bfb8a36e05933bc3e49283d2ec7a95063f304edde93d35e379
-
SHA512
b7148e2c0c016510dce33b0284e76fa1b92de9bddfb409fbb35c6b86b3919a17a9436f03034ad6bc5fdc75f76a17c337ca2acd310809f06c9795e8eaac63fca3
-
SSDEEP
24576:x/Jq49kTXVType+AvDsvmW/8rgIysIYkr55HR8:XncXVType+AvDs/1IZkr5j8
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Virtualization/Sandbox Evasion
1