General
- Target: Trice Chemical February-PO#67388pdf.exe
- Size: 396KB
- Sample: 230127-wckdxsdg7w
- MD5: 99f18e1392de2176e675ed6a03bfc9d7
- SHA1: ddc161c761aff3f7e9c66dfbf7e10a7c0fd83ea5
- SHA256: ce3884be774641ca941308377c3ffd5ed1ed96ba0d9257106f85e4445bfb10ba
- SHA512: 70c89c2f66036dcf37be600fc381eac24c41afa616ad88d0b73aa8c02ba0b63e273533b60018e5fddee1444c8c02c3a16f18811ce9d9875a29606de61785dc62
- SSDEEP: 12288:92fISNErVIouVe6HMtjEjE8VapPUsgI/2B:92f9NQVIoV4CxiapPUsz/S
Static task: static1
Behavioral task: behavioral1
- Sample: Trice Chemical February-PO#67388pdf.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Trice Chemical February-PO#67388pdf.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: Trice Chemical February-PO#67388pdf.exe
- Score: 10/10
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext