General

Target: Malware-1.zip
Size: 114KB
Sample: 221125-d4jycsce2y
MD5: 6887741a451647b34654f779ee36dc78
SHA1: c913b2f2ce33a59a0df1f33e521f48c2cf471f48
SHA256: 59fbfefc50c8f11efd9765dbef3cf36f2bb1a39edd4273414906017f1c69f7f6
SHA512: 3cb5f6f325415e0760020516ff87f4650c3792e62f3466375e3c0a271a583f7bd9bc2ae5352785679956bc76eea83437e8eb0e1c25e9c3deff0ab764d2f6665e
SSDEEP: 3072:+8U9vSgI6GnQGO67dtheWlDmZbAJBMv7ZPiGV5bRrtA:pZn6AtEWA77liubvA
Tasks

Static task: static1
Behavioral task: behavioral1 (sample Client.vbs, resource win10-20220812-en)
Behavioral task: behavioral2 (sample Client.vbs, resource win7-20220812-en)
Behavioral task: behavioral3 (sample Run-VBS-1.bat, resource win10-20220812-en)
Behavioral task: behavioral4 (sample Run-VBS-1.bat, resource win7-20221111-en)
Malware Config

Targets
Target: Client.vbs
Size: 177KB
MD5: bcfb5c05a5695508cae014e0fb254785
SHA1: 6cb6d497451b32d393f7b2dc1beb2b0baf80b0d3
SHA256: e443da0d45d95a550c2f2637c8b7f3000aa9fef71840a4deff34333ad51d3c32
SHA512: 8a66382d94001e0662f63553d2fdb06335c52e37994425ad980f0c87c0f9b388635b21816dfba6542d694f5f96dc53b1666424c22f5a815c326bc5046e1c08db
SSDEEP: 3072:4od0wW0uWMKsiQjL7Ow0z72qo3NFOrvEFbGHTnC66xgZ7/9T/Dv5vwLI2c:bd5uWBsiQXJ0+nOQITCFOr9vSBc
Score: 7/10

Signatures:
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect that it is running inside a virtual machine.
- Adds Run key to start application: registers itself under a Windows Registry Run key so it is launched again at logon (persistence).
- Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with the hide-from-debugger flag set, so the thread is invisible to an attached debugger (anti-debugging).
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with ThreadHideFromDebugger to hide an existing thread from an attached debugger (anti-debugging).
- Suspicious use of SetThreadContext: rewrites a thread's register state, which is commonly used to redirect execution during process injection or process hollowing.
Target: Run-VBS-1.bat
Size: 26B
MD5: b7c4c74c2be103888999b98cabe11762
SHA1: 72f9c3131b22688b6d9774f7d0e0bdf7af52fc1c
SHA256: aec5f3164db58aad2fed2cf82f64c64053656e2e7990318711646a12ef9f5287
SHA512: 40d65b504b0b830fd5de0503f041d99fe0cfcecf864a8be63a7159676b29c4b535c4481dc3afa4d4c2b6f8cf7f8d453ffc2e39825953401c9aedd66e21b0f60e
Score: 7/10

Signatures (the same set reported for Client.vbs):
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
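Two checks a practitioner would run around a report like this one, as an added example that is not part of the sandbox report or the sandbox vendor's tooling: first, confirm that a file on disk is really the sample the report describes by recomputing the MD5/SHA1/SHA256/SHA512 digests and comparing them with the values listed above (the `REPORT_HASHES` dictionary copies the Client.vbs values from this page); second, scan an exported Run key for script-host autostarts, which is what the "Adds Run key to start application" signature amounts to when the persisted payload is a .vbs or .bat. The `.reg` text, the `victim` user name and the file locations in `SAMPLE_REG_EXPORT` are constructed for this example; they are not artefacts taken from the report.

```python
"""Triage helpers for a script-based sample: hash verification and Run-key review.

Added example; not code from the sandbox report. The .reg export text below is
constructed and the paths in it are assumptions, not observed indicators.
"""
import hashlib
import re
import sys

# Values copied from the report above for the Client.vbs target.
REPORT_HASHES = {
    "md5": "bcfb5c05a5695508cae014e0fb254785",
    "sha1": "6cb6d497451b32d393f7b2dc1beb2b0baf80b0d3",
    "sha256": "e443da0d45d95a550c2f2637c8b7f3000aa9fef71840a4deff34333ad51d3c32",
}

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".wsf", ".hta")

# Key header and string-value lines as written by `reg export` (.reg format).
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\CurrentVersion\\Run(?:Once)?)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


def file_hashes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_mismatches(data: bytes, reported: dict) -> list:
    """Names of reported digests that do not match `data`; empty list means verified."""
    actual = file_hashes(data)
    return sorted(name for name, value in reported.items()
                  if name in actual and actual[name] != value.lower())


def _unescape_reg(value: str) -> str:
    """Undo .reg escaping: `\\\\` -> `\\` and `\\"` -> `"` inside REG_SZ values."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _is_script_launch(command: str) -> bool:
    """True if the command runs a script host or names a script file as its target."""
    lowered = command.lower()
    exe = re.split(r'[\s"]+', lowered.lstrip('"'))[0].rsplit("\\", 1)[-1]
    if exe in SCRIPT_HOSTS:
        return True
    return any(tok.rstrip('"').endswith(SCRIPT_EXTENSIONS) for tok in lowered.split())


def script_autostarts(reg_export: str) -> list:
    """Return (key, value name, command) for Run/RunOnce values that launch scripts."""
    found, current_key = [], None
    for raw in reg_export.splitlines():
        line = raw.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):
            current_key = None  # some other subkey; ignore its values
            continue
        v = VALUE_RE.match(line) if current_key else None
        if not v:
            continue
        command = _unescape_reg(v.group("value"))
        if _is_script_launch(command):
            found.append((current_key, v.group("name"), command))
    return found


# Constructed sample export: one benign entry per hive plus one script autostart each.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Client"="wscript.exe //B \"C:\\Users\\victim\\AppData\\Roaming\\Client.vbs\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Users\\victim\\Run-VBS-1.bat\""
'''

if __name__ == "__main__":
    # Usage: python triage.py <path-to-Client.vbs> [exported-run-key.reg]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            bad = hash_mismatches(fh.read(), REPORT_HASHES)
        print("hash check:", "OK" if not bad else "MISMATCH " + ", ".join(bad))
    export = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_REG_EXPORT
    for key, name, command in script_autostarts(export):
        print(f"{key}\\{name} -> {command}")
```

Run the hash check before detonating anything yourself: a file that fails it is not the sample this report describes, whatever its name. The Run-key scan deliberately flags both the script host (wscript.exe, cscript.exe, cmd.exe) and bare script paths, because a .bat or .vbs can be registered directly and Windows will resolve the host itself.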