General
-
Target
SecuriteInfo.com.Gen.Variant.Nemesis.16281.17431.22579.exe
-
Size
641KB
-
Sample
230111-jc11fsfc41
-
MD5
78c0e62a83998e9eed0ec3b279deac7c
-
SHA1
96e44c1537fce904102a354410b3ce71313689db
-
SHA256
b130033e592a261c06575e6022466da91deae5dc9b042847712ddaca2d892dec
-
SHA512
02b6eee74ca262bbd803978480b0250a7250764570816e6de7e477d8aea47f78ffc90c29b44043800906c3acbbefa071ae218fc7521976d6d1c433e276666f0b
-
SSDEEP
12288:1cWJ+6nT8mlombZJu2p4+Gng1ADX9rMIbyyjRk:1XBn1loA/p4hgMBxOyjW
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Gen.Variant.Nemesis.16281.17431.22579.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Gen.Variant.Nemesis.16281.17431.22579.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Gen.Variant.Nemesis.16281.17431.22579.exe
-
Size
641KB
-
MD5
78c0e62a83998e9eed0ec3b279deac7c
-
SHA1
96e44c1537fce904102a354410b3ce71313689db
-
SHA256
b130033e592a261c06575e6022466da91deae5dc9b042847712ddaca2d892dec
-
SHA512
02b6eee74ca262bbd803978480b0250a7250764570816e6de7e477d8aea47f78ffc90c29b44043800906c3acbbefa071ae218fc7521976d6d1c433e276666f0b
-
SSDEEP
12288:1cWJ+6nT8mlombZJu2p4+Gng1ADX9rMIbyyjRk:1XBn1loA/p4hgMBxOyjW
Score10/10-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-