General
Target: DOCUMENT839$#789.exe
Size: 280KB
Sample: 230127-hn73gaab3v
MD5: eeab2b63b0cf6d658e8c2ce3d675d0a4
SHA1: 8dc3099040d3ebfb5a3ff70f47113ccd35056ea1
SHA256: e689963b4319dd5d5249ac1c629af5951f4e90db8040bf7ee33492e54c2c6487
SHA512: 6afc37686b93501ee95537ff23ba505aefcdbff04218716e97258044918e95eebc57c3c4e09677a455fd02a574c8d90abea11b952e1f68b14466dcce6221f250
SSDEEP: 6144:ThRZveJuZhAg4T2OSCgTSB5RulTjbuUGRRrZxwq7hcpv9gQ6zvyG:92JuZhP/pkaTjbuRrT7hcplgQ0
Static task: static1
Behavioral task: behavioral1 (Sample: DOCUMENT839$#789.exe, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: DOCUMENT839$#789.exe, Resource: win10v2004-20221111-en)
Malware Config
Targets
Score: 10/10
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext