General

  • Target

    NOA_-_CMA_CGM_ARRIVAL_NOTICE .lzh

  • Size

    103KB

  • Sample

    210915-h9em2saah5

  • MD5

    0629447f7cc0074ebb9c8ae929d10084

  • SHA1

    aebed9ea44d5345f5d11d3a08600da4b0ff56cbd

  • SHA256

    fd9da0093b596d2e655ff77cc0eed776326ce5833249f1f337a6dffef9f6c4a2

  • SHA512

    dcd772d801afff59158a89a15273b0155ea9bf755da6b2fdc398fffbec7d382089add7bef45ea4adfc0a8ed1f5ea8dc7c160331e0ffea5f4830e9945cc6a8e3e

Score
10/10

Malware Config

Targets

    • Target

      NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe

    • Size

      456KB

    • MD5

      e8bceea59b2074bd08bf68ab55ecdf3e

    • SHA1

      8b62bf811b03fe25924ef6ff4d4afd89c902f7cd

    • SHA256

      0b4684d82509a6e7e0c1cb63174bf68d182ccff75a3d19f16821127605d636b8

    • SHA512

      405f00ffa49ecb3131f0a16afa2b4488c8580c2c8161a0bd4384b9218c9dc74a21812fe6a86f49c16f08959b4743d9f19bb07f7524ce63e6ed339ab01679add1

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1
