General
-
Target
1.exe
-
Size
112KB
-
Sample
220125-xjazhadcf4
-
MD5
ae871d1957030344d4cefc7295a1e964
-
SHA1
73e0d642d14ca3dcfca3d22fa2312968d1ba5cd6
-
SHA256
6f8a836d10eada55bb1d3901ceb5b97711afc9f7018e3bd0f0a8e77521f18e5b
-
SHA512
bc5a39f9a86bc6d461c32a947a61d7bbd0dd8ae93700bc9e3e984b33df6b9a0fac0e8dd71ca50e8dcfee9314bd00824fd4ec507c66e22e4bd20c1edf0dad4679
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1.exe
Resource
win10-en-20211208
Malware Config
Targets
Target
1.exe
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-