General
-
Target
customer0010015536.vbs
-
Size
975KB
-
Sample
220310-gbrpaaeca2
-
MD5
bb43fca72e38304fb261a11e42f5ead7
-
SHA1
1162a94026bf4962c9029107a704d13b3cb6107d
-
SHA256
0844f872ff9ebbd8e7c8413bfd7e3781e01b58fa19728dcec60df37cb1e13a3b
-
SHA512
1c413d585a705cd1015b82c8e6bbe767d9109707ff28a76a3ddc2ea94f16b9f0bc4feea383574c848c1455a1e7d7fcf3acfb4741f8042dd0d7cda6883f287d5a
Static task
static1
Behavioral task
behavioral1
Sample
customer0010015536.vbs
Resource
win7-20220223-en
Malware Config
Targets
-
-
Target
customer0010015536.vbs
-
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-