921adb804f89d2f3aceb2afed67da29659da67e70fafd2f04820a0ae6e183a10 | Triage

Resubmissions

05-12-2022 16:23

221205-tv5fpsfe42 10

05-12-2022 15:18

221205-sp28qafa2w 7

Sharing

General

Target

Attachments.zip
Size

321KB
Sample

221205-sp28qafa2w
MD5

e9bc2f2323b176bdf4653010637e2525
SHA1

97f9fbfcc48eb2d05b4024ced41065659e42a6a3
SHA256

921adb804f89d2f3aceb2afed67da29659da67e70fafd2f04820a0ae6e183a10
SHA512

b41cd9591b474d8945316820307b58c8dde2258612b7f04599ad8d427cb8f0d3b14e2abb7608b8675fe25e10d208b5ed84f053377f7dbb3dd79c0e704c746607
SSDEEP

6144:HhjDXg9cMgWdgp/wW02zhK7MuvcTRobXpg+P:H1rWdo/zLujpg+P

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Salary-Increase-Datasheet-Deceember-2022.vbe
- Size
  
  602KB
- MD5
  
  03f14b68315fa272d3f573c265fad342
- SHA1
  
  1ab4db87eda2c6e38adf91db4769a0d35468afdf
- SHA256
  
  ca69ae5499c657b8b383cf6351147762093ecaa876f8b7c31850b32e10dc8c89
- SHA512
  
  a5e8171828dbf7074a1fedea6a6bcad1341387cc238a12411e70b4ba78d5effdd81d5e21d61971bc09cde6a0207ce5776a5e2eed5bd0e560666de076c5282a3c
- SSDEEP
  
  12288:Y4xIeYbcj1U0xh99kYjUBW9g3VneffpEb:ieJxU0N93gW9ySfpEb
Score

7^/10

persistence
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2