General
Target: a74960472ab338a421fb56948e742f2b.exe
Size: 619KB
Sample: 230201-thd3zsce21
MD5: a74960472ab338a421fb56948e742f2b
SHA1: c39bd553f3a1b8147f98056f8ea81bb6d6099b1e
SHA256: 2e6a8bb2fcfef5cdc29aa03bfe22b01ebe7b3f71e09ad302dec93d672d1c3141
SHA512: 7cbbc8d2ba0202370a82bbd2f24a7123a364e41a89c6f1f5472f702c91cac9f976ea1189c32462f97e5bff8c46978c691df9260945eeefb5054b09b65289da9d
SSDEEP: 12288:b7EWNDJccwIWYh7jQ4+ngZnz/B4WW3nVVP7ntr9+E78MNv1z2qcNjRtBnMAr8+:MUlyYtjQ4UWz/B4vT7CE78YvjsNfC+
Static task: static1
Behavioral task: behavioral1
  Sample: a74960472ab338a421fb56948e742f2b.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: a74960472ab338a421fb56948e742f2b.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: a74960472ab338a421fb56948e742f2b.exe (619KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10
Signatures:
- Checks QEMU agent file: checks for the presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext