General

  • Target

    vmzeus_3.2.3.1.vir

  • Size

    279KB

  • Sample

    200719-w9vxcacdqn

  • MD5

    0f09d8d3edf0e06e79fb15df680be3ac

  • SHA1

    4881a85b7531ed2211e0c722a5bb1c9e9c522c54

  • SHA256

    e3e1334530a63bb70e51fdd7c28ad51bfcdff8022d393a8dbbd6a398e90ff12c

  • SHA512

    753302eb82312b86e997e5ea7644fb9de0dc240eaf8c6d6e912f4f73528ef691692384bd57cd74cc5f521c90718463376d4484e3c29525e1c0add2577fd5890d

Score
8/10

Malware Config

Targets

    • Target

      vmzeus_3.2.3.1.vir

    • Size

      279KB

    • MD5

      0f09d8d3edf0e06e79fb15df680be3ac

    • SHA1

      4881a85b7531ed2211e0c722a5bb1c9e9c522c54

    • SHA256

      e3e1334530a63bb70e51fdd7c28ad51bfcdff8022d393a8dbbd6a398e90ff12c

    • SHA512

      753302eb82312b86e997e5ea7644fb9de0dc240eaf8c6d6e912f4f73528ef691692384bd57cd74cc5f521c90718463376d4484e3c29525e1c0add2577fd5890d

    Score
    8/10
    • Executes dropped EXE

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Tasks