General
Target: file3788272827_8378838.vbs
Size: 152KB
Sample: 220131-e9d5qsfga9
MD5: 33f5993382d94c10747bb39c40601645
SHA1: 28d89be942c1ca21925d2387ca7ac902dd900f86
SHA256: 7d94ba4135d40f718290df96f679feba3b5e7202c1ad8261a53f262256c5d472
SHA512: a2e362781581d691f2b32726e6ae347895fd43882cd622d11968c260137e6cc784eba83d2e62e75f591752f140985ea852f0950b60e0ee3d6550b9c3655ec83e
Static task: static1
Behavioral task: behavioral1
Sample: file3788272827_8378838.vbs
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: file3788272827_8378838.vbs
Resource: win10-en-20211208
Malware Config
Targets
Target: file3788272827_8378838.vbs
Score: 10/10
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-