General

  • Target

    vmzeus_3.2.5.2.vir

  • Size

    316KB

  • Sample

    200719-wmjbnbzqen

  • MD5

    60eaea81c77422b615b2cfd50417c87e

  • SHA1

    950612793a50dac774040a1e99ead2160e63657c

  • SHA256

    3917759ae65f10aec4f9d5e5628fead573d8f3b4bba59a8f1fcd6692ec563436

  • SHA512

    175588b7362ae09a0b575663604c97bd875eacd2b40ab9e945a4fa2f24472708b85c238738c057690551d636cefe9a58e5e4f46371171678a9cd4af3b3d3b559

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence
      Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion
      Virtualization/Sandbox Evasion (T1497): 1
      Modify Registry (T1112): 1

  • Discovery
      Query Registry (T1012): 1
      Virtualization/Sandbox Evasion (T1497): 1