NOA_-_CMA_CGM_ARRIVAL_NOTICE .lzh

General

Target: NOA_-_CMA_CGM_ARRIVAL_NOTICE .lzh
Size: 103KB
Sample: 210915-hkr7vadafk
Score: 10/10
MD5: 0629447f7cc0074ebb9c8ae929d10084
SHA1: aebed9ea44d5345f5d11d3a08600da4b0ff56cbd
SHA256: fd9da0093b596d2e655ff77cc0eed776326ce5833249f1f337a6dffef9f6c4a2
SHA512: dcd772d801afff59158a89a15273b0155ea9bf755da6b2fdc398fffbec7d382089add7bef45ea4adfc0a8ed1f5ea8dc7c160331e0ffea5f4830e9945cc6a8e3e

Malware Config

Targets

Target: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Filesize: 456KB
Score: 10/10
MD5: e8bceea59b2074bd08bf68ab55ecdf3e
SHA1: 8b62bf811b03fe25924ef6ff4d4afd89c902f7cd
SHA256: 0b4684d82509a6e7e0c1cb63174bf68d182ccff75a3d19f16821127605d636b8
SHA512: 405f00ffa49ecb3131f0a16afa2b4488c8580c2c8161a0bd4384b9218c9dc74a21812fe6a86f49c16f08959b4743d9f19bb07f7524ce63e6ed339ab01679add1

Signatures

  • Guloader, Cloudeye
    Description: A shellcode-based downloader first seen in 2020.

  • Checks QEMU agent file
    Description: Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
    TTPs: Query Registry, System Information Discovery

  • Suspicious use of NtSetInformationThread HideFromDebugger

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10