General
Target: vmzeus_3.2.5.2.vir
Size: 316KB
Sample: 200719-wmjbnbzqen
MD5: 60eaea81c77422b615b2cfd50417c87e
SHA1: 950612793a50dac774040a1e99ead2160e63657c
SHA256: 3917759ae65f10aec4f9d5e5628fead573d8f3b4bba59a8f1fcd6692ec563436
SHA512: 175588b7362ae09a0b575663604c97bd875eacd2b40ab9e945a4fa2f24472708b85c238738c057690551d636cefe9a58e5e4f46371171678a9cd4af3b3d3b559
Static task: static1
Behavioral task: behavioral1
  Sample: vmzeus_3.2.5.2.vir.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: vmzeus_3.2.5.2.vir.exe
  Resource: win10v200430
Malware Config
Targets
Target: vmzeus_3.2.5.2.vir
Score: 8/10
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext