7b6d799270931ac8653e17960b95378a67c532cc4c9ea485e4f3430a58089f97 | Triage

Sharing

General

Target

vmzeus_3.2.8.1.vir
Size

265KB
Sample

200719-rdvz2shlkx
MD5

0422542c1ff6ffbffeeef1737344b3da
SHA1

9594c25b3df6a2e417a8ffa693474284829aade0
SHA256

7b6d799270931ac8653e17960b95378a67c532cc4c9ea485e4f3430a58089f97
SHA512

de1d04bee6c2bacfb09da13732a10daa03a6003e060ff7ce8dd61ad809a96caa33d9bb96bd3b6b4bcb919385ba4764670af9edf58ede21f69643dc8a3d61b6ea

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  vmzeus_3.2.8.1.vir
- Size
  
  265KB
- MD5
  
  0422542c1ff6ffbffeeef1737344b3da
- SHA1
  
  9594c25b3df6a2e417a8ffa693474284829aade0
- SHA256
  
  7b6d799270931ac8653e17960b95378a67c532cc4c9ea485e4f3430a58089f97
- SHA512
  
  de1d04bee6c2bacfb09da13732a10daa03a6003e060ff7ce8dd61ad809a96caa33d9bb96bd3b6b4bcb919385ba4764670af9edf58ede21f69643dc8a3d61b6ea
Score

8^/10

persistence evasion
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceevasion

behavioral2