General
-
Target
1f86ae518180a446b6512634165900094f510d6f55eb32a61e593b948b5905db
-
Size
44KB
-
Sample
220521-xy46wscgf8
-
MD5
411185067af1c689e07919d1899420c6
-
SHA1
85c7d61dbeecc80d17a42093ff3d16e68288c62b
-
SHA256
1f86ae518180a446b6512634165900094f510d6f55eb32a61e593b948b5905db
-
SHA512
209ddd1c35e4e5944de846fef779d8926fdfe454440a0f6ff2a80601e744a104738e77c58fd3e22f465e6e621706c5bffc1b31cbcc68a0a9805a572b7f007a5c
Static task
static1
Behavioral task
behavioral1
Sample
QUOTE.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
QUOTE.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
guloader
https://cor.sehablae.com/man.bin
Targets
-
Target
QUOTE.exe
-
Size
92KB
-
MD5
90ce0f474374981b8878cbf7b91e0bdc
-
SHA1
ae174ad9d8638191dd732f851824833c6579acde
-
SHA256
b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac
-
SHA512
b7fbc087525f0b307b24e3ecc2c2077ac24e50f6b7329c2b8968dd555187da17900f585d697bd1e6e566bfc7078efac6509146cd33b544c5a80a812260569999
-
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-