General

Target: A445F0C017C1BA67B329B2E26C5826B6BD3AD019C4D17B644D174F3625F453B0
Size: 450KB
Sample: 221123-r1lvfach9w
MD5: 37716c9e0331afa9093285e7f0a7b081
SHA1: 97a68f35b3b7b0cfb508cdc6fe7f84fd2564cd26
SHA256: a445f0c017c1ba67b329b2e26c5826b6bd3ad019c4d17b644d174f3625f453b0
SHA512: 205735a2e3c1034a1038b8e8c2d1e0a870743b87e74f74f1682eba27bc1b14bb71a0b6caed705cf41991f8f389984ed4de638472a1f2886c7ed5c83740e75b84
SSDEEP: 12288:hSJlCMez4G46OE1xR6Ws+k1cB06Dra6wMCcsfoYeBEFK:YLCMW4/U0D196DOiCTzK

Static task: static1

Behavioral task: behavioral1
Sample: 答复 CONFIRMATION OF ORDER.vbs
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 答复 CONFIRMATION OF ORDER.vbs
Resource: win10v2004-20220812-en

Malware Config

Targets

Target: 答复 CONFIRMATION OF ORDER.vbs
Size: 654KB
MD5: c27f7a38b0661de03b69afe76b9697f4
SHA1: 36fea8822c1b4d33b405c2ab16423ea6c2a02736
SHA256: d27c6afe237a969751b1e44c98fcd78f93623816162ac349703e9f3f39e542d1
SHA512: 56dcc44ac0b0dfcc076cec07eef693928903992cc80fdb0942068dca59f69a0cc6baa3370f3fa9b2865e47f3540de15bd284ae396e42b25421ca57eda5b1f8b2
SSDEEP: 12288:1ctF/y6uBCMyplUUb4eK9hjS1cpeMpWKLHFPwC9kxXKxMj3:1v6i0lPLYhW9aLHFPoZKxMj3

Score: 10/10

- Blocklisted process makes network request
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext