General
-
Target
d17564de48674471080c2872ecf291979d81c640a964f1be000dc4bdb73d3a9d
-
Size
112KB
-
Sample
221209-rndcjagb9w
-
MD5
a0a43077ce1076346b76d810b37b3452
-
SHA1
beaea5e9c198eb914542c567d6aa2ac405291bbe
-
SHA256
d17564de48674471080c2872ecf291979d81c640a964f1be000dc4bdb73d3a9d
-
SHA512
f27723630567b84d0e7db9af7a6e354223d3f477d69254c47ee018a2e43ebcea63da830144c0b9c0cc1292cd41c26e0ac0d630e6ed1b482e2250a8db9fae8ea6
-
SSDEEP
1536:czITVdWJBDPHidw5C8i1PsVrg/+3DGCHyIk0AWj9ehGE:hTkxZbDGvIk0w
Static task
static1
Behavioral task
behavioral1
Sample
d17564de48674471080c2872ecf291979d81c640a964f1be000dc4bdb73d3a9d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d17564de48674471080c2872ecf291979d81c640a964f1be000dc4bdb73d3a9d.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
d17564de48674471080c2872ecf291979d81c640a964f1be000dc4bdb73d3a9d
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-