General
Target: cb03fe75572bc1d3406e9b3cda1e782e.exe
Size: 160KB
Sample: 210422-drqrlfbxy2
MD5: cb03fe75572bc1d3406e9b3cda1e782e
SHA1: d66bb237393370460edb2f32b3a696823f9bc9f4
SHA256: 19bf54b5145b7080462d1f459dd88a6c7b8f6eb815be116651ad9016939777f0
SHA512: d4509419b97b105554ebfa27826afbf407ba6a41e89275f1fd6f28c120076a9e99965cac78fd41b63e6918d92176a9c6cd7414af904e395d6165e536a8d236d9
Static task: static1
Behavioral task: behavioral1
Sample: cb03fe75572bc1d3406e9b3cda1e782e.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: cb03fe75572bc1d3406e9b3cda1e782e.exe
Resource: win10v20210410
Malware Config
Targets
Target: cb03fe75572bc1d3406e9b3cda1e782e.exe
Size: 160KB
MD5: cb03fe75572bc1d3406e9b3cda1e782e
SHA1: d66bb237393370460edb2f32b3a696823f9bc9f4
SHA256: 19bf54b5145b7080462d1f459dd88a6c7b8f6eb815be116651ad9016939777f0
SHA512: d4509419b97b105554ebfa27826afbf407ba6a41e89275f1fd6f28c120076a9e99965cac78fd41b63e6918d92176a9c6cd7414af904e395d6165e536a8d236d9
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Guloader Payload
Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext