General

  • Target

    Wind.rar

  • Size

    4.6MB

  • Sample

    240722-sr842sthna

  • MD5

    2b8130553fc24fa0ff3773fe2b5559cd

  • SHA1

    fcf0ee0025df29c9a70b071009f5bcb26eb67d6f

  • SHA256

    31d607d13e2e191b50bc779c2b3c1d8f0e26c3a1cb531d827ec88757b9350129

  • SHA512

    9f578d954794c86a4d4a0cdb296e23f12cb021d25c4d0f8da986a11233d0ec4670e63c1bdf2a98d36bbc081ecaea27f154ae5658fb50b3ae712e8c788e0e2e59

  • SSDEEP

    98304:pfBCQGHVcxE2lcXjiuq+5t+Hpl4ScY/WC4pt6tcc/FDiijRckKTUidFM4wk:D9G1c5FebE4MmtybeuRMTKO

Targets

    • Target

      Wind/libcurl.dll

    • Size

      546KB

    • MD5

      2024156665356070ea193498d076ea7e

    • SHA1

      304fd6c02e788ce55404560e88ecc45d78961d1f

    • SHA256

      815e4160ca9fcf4f6bf2b44b004a35cdb5988103d1204102eb7320ce2146a9bb

    • SHA512

      dec6441fe2fe25e5c2bce8f916d58d3be2bb218f2e82d27e346bce5100caac239c484f4e10f0fdfdc152fda209b066ac04d89b62bdcbe5cfe0393734beb16962

    • SSDEEP

      12288:TIEuXoN7eLmPPIy/KN2nalkLPrEOkTR1VcTo/w4l8DJCLd:EEAoleL2PIyyNrlkLPG1VcTo/w4l8DJs

    • Score

      1/10

    • Target

      Wind/windinject.exe

    • Size

      4.1MB

    • MD5

      c1fd6ae785fee5eb02f71cfbad13b4bc

    • SHA1

      85a16959ea749968617fea74b69d99ec1ac3a040

    • SHA256

      e9d208096f2c16576aff2154d7b2dc088876c515df5c3b8d72da53ce1f2169e9

    • SHA512

      009b925191a9c581e4413fbabc3acd3ee0f8e6b360073d99385b05fd2a2b72d6aa55ec5c541a9218f431d5518463550c5d7259d0dadf861204afcb9aeadaee3c

    • SSDEEP

      98304:3H+I06sw0aXQIq1Rf9yk6/Ql4lnFF55ejAlKK:3H+IRs9aAIqfQZ/zY8T

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Wind/xxhash.dll

    • Size

      45KB

    • MD5

      fd4a9c28c2b7b7f7cae985eed789f0ce

    • SHA1

      44b51dd9a141f3dfcc090549e6c90071f8b55fb4

    • SHA256

      dc354e7ea9046cadbed8645e4666975a523463500c877574f8e8306d958b7304

    • SHA512

      b3ae3d523a1a2de93f05cfa856ac6984d444ee5180f862f0046be3acd02fb499400909449c7e47f764aea2d7d3863e42c7029b0cfc8803b79a91c9f56f3b8bc1

    • SSDEEP

      768:f9otvM7DZ1LMDJdj+LVvgFlJus4zBYdXK3QDV:f9UEDLMDJxKM0scCXKA

    • Score

      1/10

    • Target

      Wind/zlib1.dll

    • Size

      87KB

    • MD5

      46b86e47c082b3ca753e264538c6b9ba

    • SHA1

      aafa06e387ab9eddc120de3fc0127332cdb8fe1d

    • SHA256

      cf0bf2746b40710452df596fabd497df250f7693db652c13971aee7c69226c18

    • SHA512

      31a396fe4349c81067f1936b92e68b058dea5fee2faf972c3bb39d7e2c6ce48292eac5bbc5b43545e07e8aac03f299fb504bfe651b3e432b64e302c651f3d81b

    • SSDEEP

      1536:47wjHHWwn1rhEzjEp70E2thqlzY2qIOcIOZIelMbHi:4cjH2w1EjEpIqa24SZICMri

    • Score

      1/10

    • Target

      Wind/zstd.dll

    • Size

      639KB

    • MD5

      91032907f8dc67be99885b0b1169837a

    • SHA1

      63b6cd2442d68907ae64bdf72095ad08f0b4d00e

    • SHA256

      ab04353fdcf07994a048ad4dbec1579436066f047fdd63d36e4e29f4b1dd6a2b

    • SHA512

      83ab14249829f9d98d41363a7a6b5b7be8dfda5f51a017145da7930e42cc9de2ce79a524960d115dc533343b62bfdefdce817d95d0c779687e5ee15f2347856f

    • SSDEEP

      12288:AlNqGONdPaszBp/I3MV4IIdsdVWoRpEn/x:AfazBpw3MV4RdsdVWoRpE

    • Score

      1/10
