General
Target: NOA_-_CMA_CGM_ARRIVAL_NOTICE .lzh
Size: 103KB
Sample: 210915-h9em2saah5
MD5: 0629447f7cc0074ebb9c8ae929d10084
SHA1: aebed9ea44d5345f5d11d3a08600da4b0ff56cbd
SHA256: fd9da0093b596d2e655ff77cc0eed776326ce5833249f1f337a6dffef9f6c4a2
SHA512: dcd772d801afff59158a89a15273b0155ea9bf755da6b2fdc398fffbec7d382089add7bef45ea4adfc0a8ed1f5ea8dc7c160331e0ffea5f4830e9945cc6a8e3e
Static task: static1
Behavioral task: behavioral1
Sample: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Resource: win7-en
Behavioral task: behavioral2
Sample: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Resource: win10v20210408
Malware Config
Targets
Target: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Size: 456KB
MD5: e8bceea59b2074bd08bf68ab55ecdf3e
SHA1: 8b62bf811b03fe25924ef6ff4d4afd89c902f7cd
SHA256: 0b4684d82509a6e7e0c1cb63174bf68d182ccff75a3d19f16821127605d636b8
SHA512: 405f00ffa49ecb3131f0a16afa2b4488c8580c2c8161a0bd4384b9218c9dc74a21812fe6a86f49c16f08959b4743d9f19bb07f7524ce63e6ed339ab01679add1
Score: 10/10
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext