General
-
Target
Client.vbs
-
Size
177KB
-
Sample
221125-dpzp9sbe7x
-
MD5
bcfb5c05a5695508cae014e0fb254785
-
SHA1
6cb6d497451b32d393f7b2dc1beb2b0baf80b0d3
-
SHA256
e443da0d45d95a550c2f2637c8b7f3000aa9fef71840a4deff34333ad51d3c32
-
SHA512
8a66382d94001e0662f63553d2fdb06335c52e37994425ad980f0c87c0f9b388635b21816dfba6542d694f5f96dc53b1666424c22f5a815c326bc5046e1c08db
-
SSDEEP
3072:4od0wW0uWMKsiQjL7Ow0z72qo3NFOrvEFbGHTnC66xgZ7/9T/Dv5vwLI2c:bd5uWBsiQXJ0+nOQITCFOr9vSBc
Malware Config
Targets
-
-
Target
Client.vbs
-
Size
177KB
-
MD5
bcfb5c05a5695508cae014e0fb254785
-
SHA1
6cb6d497451b32d393f7b2dc1beb2b0baf80b0d3
-
SHA256
e443da0d45d95a550c2f2637c8b7f3000aa9fef71840a4deff34333ad51d3c32
-
SHA512
8a66382d94001e0662f63553d2fdb06335c52e37994425ad980f0c87c0f9b388635b21816dfba6542d694f5f96dc53b1666424c22f5a815c326bc5046e1c08db
-
SSDEEP
3072:4od0wW0uWMKsiQjL7Ow0z72qo3NFOrvEFbGHTnC66xgZ7/9T/Dv5vwLI2c:bd5uWBsiQXJ0+nOQITCFOr9vSBc
Score7/10-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-