General
Target: LisectAVT_2403002A_206.exe
Size: 2.3MB
Sample: 240724-3v7qhavcqp
MD5: e585f3a248e9df2acd69bd1ccab87933
SHA1: 63d8b10e143b1189cbd39a97866ada23ed0515e7
SHA256: 9e4130379c0d965fd6ef2fba7e400258c84d063b9b73508b54e954d9a9fedea7
SHA512: c8dd113c0981f999fc23a63eadd2f8b3f3921b6a565479f2a2f1600d2fb7495a8288303d8eb6e7e3b28c4687242f8856a37c39a9da90accde8a1e4d018e244ee
SSDEEP: 49152:KJfe3owTB0iX39aF7VnwFmvS/5pvXTOyPC3j5gMYKuQ7CzS3vv3jirr3jjWiTaOw:KNe3owTB0iX3gFtwFmvS/3PTNaTbuVz7
Behavioral task: behavioral1
Sample: LisectAVT_2403002A_206.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: LisectAVT_2403002A_206.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: LisectAVT_2403002A_206.exe
Size: 2.3MB
MD5: e585f3a248e9df2acd69bd1ccab87933
SHA1: 63d8b10e143b1189cbd39a97866ada23ed0515e7
SHA256: 9e4130379c0d965fd6ef2fba7e400258c84d063b9b73508b54e954d9a9fedea7
SHA512: c8dd113c0981f999fc23a63eadd2f8b3f3921b6a565479f2a2f1600d2fb7495a8288303d8eb6e7e3b28c4687242f8856a37c39a9da90accde8a1e4d018e244ee
SSDEEP: 49152:KJfe3owTB0iX39aF7VnwFmvS/5pvXTOyPC3j5gMYKuQ7CzS3vv3jirr3jjWiTaOw:KNe3owTB0iX3gFtwFmvS/3PTNaTbuVz7
Score: 10/10
- Detects HijackLoader (aka IDAT Loader)
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 1
Install Root Certificate: 1
Virtualization/Sandbox Evasion: 1