General

  • Target

    VAN DE WERT - po240975_jpg.exe

  • Size

    445KB

  • Sample

    221222-qjm6hahf5z

  • MD5

    e5fdfc2e819712600c1cf79d4f274022

  • SHA1

    bc947ca0dc25f1ba54ccbe5a14d84f53f22feb9d

  • SHA256

    7c54b7d54c409f3eee45a1ed7e7eee5da5c0577c2fcf974defa989d75a9ef9aa

  • SHA512

    aec8f7481909206169cc7f51b6fb7747e214f237db71ba7ec523a495256179412a17eab91346e9d04b6c622743a4b7693b5bc64a6c3e0ece9f9b4b63c47ddf21

  • SSDEEP

    12288:SzgOyj6Yd/6W48bLL+NVkOb/wZKpYgIgfC:jOyvd/zLLAVkObosW

Score
10/10

Malware Config

Targets

    • Target

      VAN DE WERT - po240975_jpg.exe

    • Size

      445KB

    • MD5

      e5fdfc2e819712600c1cf79d4f274022

    • SHA1

      bc947ca0dc25f1ba54ccbe5a14d84f53f22feb9d

    • SHA256

      7c54b7d54c409f3eee45a1ed7e7eee5da5c0577c2fcf974defa989d75a9ef9aa

    • SHA512

      aec8f7481909206169cc7f51b6fb7747e214f237db71ba7ec523a495256179412a17eab91346e9d04b6c622743a4b7693b5bc64a6c3e0ece9f9b4b63c47ddf21

    • SSDEEP

      12288:SzgOyj6Yd/6W48bLL+NVkOb/wZKpYgIgfC:jOyvd/zLLAVkObosW

    Score
    10/10
    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks