713144aa689863bfb8a36e05933bc3e49283d2ec7a95063f304edde93d35e379 | Triage

Sharing

General

Target

b1e3fbbb8813acc2b9daeb1c78469f30
Size

837KB
Sample

240304-mfdk4sgh93
MD5

b1e3fbbb8813acc2b9daeb1c78469f30
SHA1

258f626b93291317117c1959684e5930d3ad625f
SHA256

713144aa689863bfb8a36e05933bc3e49283d2ec7a95063f304edde93d35e379
SHA512

b7148e2c0c016510dce33b0284e76fa1b92de9bddfb409fbb35c6b86b3919a17a9436f03034ad6bc5fdc75f76a17c337ca2acd310809f06c9795e8eaac63fca3
SSDEEP

24576:x/Jq49kTXVType+AvDsvmW/8rgIysIYkr55HR8:XncXVType+AvDs/1IZkr5j8

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  b1e3fbbb8813acc2b9daeb1c78469f30
- Size
  
  837KB
- MD5
  
  b1e3fbbb8813acc2b9daeb1c78469f30
- SHA1
  
  258f626b93291317117c1959684e5930d3ad625f
- SHA256
  
  713144aa689863bfb8a36e05933bc3e49283d2ec7a95063f304edde93d35e379
- SHA512
  
  b7148e2c0c016510dce33b0284e76fa1b92de9bddfb409fbb35c6b86b3919a17a9436f03034ad6bc5fdc75f76a17c337ca2acd310809f06c9795e8eaac63fca3
- SSDEEP
  
  24576:x/Jq49kTXVType+AvDsvmW/8rgIysIYkr55HR8:XncXVType+AvDs/1IZkr5j8
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2