General
-
Target
5f94b6301d49cbae4a3903baa511586a.exe
-
Size
92KB
-
Sample
201109-6efdzlx4qx
-
MD5
5f94b6301d49cbae4a3903baa511586a
-
SHA1
58e9c38396b81303c0ad5e5ddf7815c5f2387345
-
SHA256
9ce39afed2b1b439d074bcda9791a603e32054133fb4928c58f4504af4cda576
-
SHA512
6d92fad5bec13a758416fe5bfa30352245ab407ae20602b5b39c0d34c31a7c086a0ee6cca56852d86c1ac0c02b537d09387768931c864cd3f23ac71f9a35e264
Static task
static1
Behavioral task
behavioral1
Sample
5f94b6301d49cbae4a3903baa511586a.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
5f94b6301d49cbae4a3903baa511586a.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
5f94b6301d49cbae4a3903baa511586a.exe
-
Size
92KB
-
MD5
5f94b6301d49cbae4a3903baa511586a
-
SHA1
58e9c38396b81303c0ad5e5ddf7815c5f2387345
-
SHA256
9ce39afed2b1b439d074bcda9791a603e32054133fb4928c58f4504af4cda576
-
SHA512
6d92fad5bec13a758416fe5bfa30352245ab407ae20602b5b39c0d34c31a7c086a0ee6cca56852d86c1ac0c02b537d09387768931c864cd3f23ac71f9a35e264
Score8/10-
Executes dropped EXE
-
Checks QEMU agent state file
Checks state file used by QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-