General
-
Target
2c52a17288f1cf1d69abdeb9d8c18b8ac61ff7a7c73a6597e0916cdcbc6ddda9.exe
-
Size
503KB
-
Sample
230203-nnv1sseh89
-
MD5
6e40df8770ce9ff8b80b75f30a2c619d
-
SHA1
7af3526582fb9aa9df693a10d8e0d68bf05a7f91
-
SHA256
2c52a17288f1cf1d69abdeb9d8c18b8ac61ff7a7c73a6597e0916cdcbc6ddda9
-
SHA512
98d6d922b61581e867a86a57b6fb2da22bf547d46c027b6df34e4eaa583a0b3fa0559016778d0612ad634eba407bc6170f9e17688213dcf86436f66ec4dc6084
-
SSDEEP
12288:SzVlnHPlZaogGwQSspbNCnwYk3V/xrC55QN6W07qaG:2lvG3GwQtJm4/xrC5hqaG
Static task
static1
Behavioral task
behavioral1
Sample
2c52a17288f1cf1d69abdeb9d8c18b8ac61ff7a7c73a6597e0916cdcbc6ddda9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2c52a17288f1cf1d69abdeb9d8c18b8ac61ff7a7c73a6597e0916cdcbc6ddda9.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
2c52a17288f1cf1d69abdeb9d8c18b8ac61ff7a7c73a6597e0916cdcbc6ddda9.exe
-
Size
503KB
-
MD5
6e40df8770ce9ff8b80b75f30a2c619d
-
SHA1
7af3526582fb9aa9df693a10d8e0d68bf05a7f91
-
SHA256
2c52a17288f1cf1d69abdeb9d8c18b8ac61ff7a7c73a6597e0916cdcbc6ddda9
-
SHA512
98d6d922b61581e867a86a57b6fb2da22bf547d46c027b6df34e4eaa583a0b3fa0559016778d0612ad634eba407bc6170f9e17688213dcf86436f66ec4dc6084
-
SSDEEP
12288:SzVlnHPlZaogGwQSspbNCnwYk3V/xrC55QN6W07qaG:2lvG3GwQtJm4/xrC5hqaG
Score10/10-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-