General
Target: Shipment Document BL,INV and packing list.jpg.ace
Size: 71KB
Sample: 210915-hxnp7adbar
MD5: da6877ef1c87bc4935317ad9aec310c7
SHA1: 58168ab3a37b6e90a1e655cfc83fa1eb10f7bae2
SHA256: 5c40de04e12f0037da4fe06a6b95f56ed472b342566d25736f4b671ef5462b65
SHA512: 5edbf1cc4444e445e2bbef116e89c838a2ac6655d547a9c890195a994ab84c7a2cabcd6aeb6712b18b94beff81d49fe4ff3f559503499e4c622e6a9ada508489
Static task: static1
Behavioral task: behavioral1
Sample: Shipment Document BL,INV and packing list.jpg.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Shipment Document BL,INV and packing list.jpg.exe
Resource: win10v20210408
Malware Config
Targets
Target: Shipment Document BL,INV and packing list.jpg.exe
Size: 128KB
MD5: df2413a552334b77e540bb8c69bf9763
SHA1: 453f88a44b3966a97fc4005a0b6edf894cdc8d41
SHA256: 434e6827ed58ffd66a28619822626816559605a4e5d7c7cfe8770d3af043527d
SHA512: de9fdb8b874bc68820be7cd0421d23265fc8127b4ed274461f48fcdb9efd3b374a4900b8b6ed6e741ca1e965d9093f6a8b05dbed3989a6ac26c985cded212f9d
Score: 10/10
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext