General
Target: Shipment wk017 Note.rar
Size: 51KB
Sample: 210420-xgcnhfn4ax
MD5: 2ddcb1b26da2cd81c9de136ebf744c77
SHA1: 7e38b228aff331f7dba6269b200593e246cf709e
SHA256: 2122bc20e4c6f98a7044e7263ea66bab43ef57c7937013fcce1f340bdbe0b986
SHA512: d40581a0f78af3a5772630dfa1b121b050cc75dc1835e5402c4d764f23bd706f17f1809f0eb5c3544135ff93faa76f7eae30d0736427f84b3adf81bbf5b05b20

Static task: static1
Behavioral task: behavioral1
Sample: Shipment wk017 Note.exe
Resource: win7v20210410

Malware Config

Targets
Target: Shipment wk017 Note.exe
Size: 136KB
MD5: 888dc51206a6512e8aa6cb60a7012029
SHA1: 8bf815c49cf4a369bbdf6a8cedcf893c0c634d47
SHA256: e63e3587e1c98a2512669f1a8a31c594f18eb8087e9ff413cba99e849315566a
SHA512: 5d913afd3f61e33d0e37fac4aeaf1506af072d501d8b6c9f1bb4385399e2e3d312b338ebebd6332f74f48ae183469321b63db8d495cec0ff9a05bb24fa10fb4d

- Guloader Payload
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext