General
Target: 618a1e3551560b86454450f3ea580029.exe
Size: 584KB
Sample: 200630-mw6ctwedfe
MD5: 618a1e3551560b86454450f3ea580029
SHA1: 39d86228750d1eebdb78f60b03c3b638acf72d34
SHA256: 6edb794a9f28cbd60dcb9fefc0e145f64c9e623b3df235a4a907ca948fd1edb9
SHA512: d5b309a0ff9b07e74c9cee1df37a627193393de7cc0fe079ab606d94b2beac948c8d7d25378de3cf87b00c7227c70fa8e49291d6060a7254e2ce0439a09c2305
Static task: static1
Behavioral task: behavioral1
Sample: 618a1e3551560b86454450f3ea580029.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: 618a1e3551560b86454450f3ea580029.exe
Resource: win10
Malware Config
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Creates new service(s)
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Modifies service
- Suspicious use of NtSetInformationThreadHideFromDebugger