General
Target: ceba3a31aeda8eea8efc26bb787ec690.bin
Size: 593KB
Sample: 230206-mnpcksgg41
MD5: 8ee71900723ed36179d44bcdb3b0a34a
SHA1: adbfdb790a18c9cd993c7f30bf8ccb6dea518053
SHA256: 4f7f31c878cf529376cda6d5ac508e1ef4bd0fab793edc84f4841383c84dbc79
SHA512: d9968275f525750b96fb57d1de6e3b2a80f58f20e9682f5a4734dbe9bc45b976b7be631e76a17d611ca2ea6ed59ed8c935c52cf1a6f2e8987873cd376b9202bf
SSDEEP: 12288:kauHoWhW2XMdLk8nmmuq7I8/EWxjq3+xji/MNgRZYXtgkuKssogctQIVi:kDH5UkDhASWc2cKgRZOCEctY

Static task
static1

Behavioral task
behavioral1
Sample: 1430fc7b02d27de2472ec82b085e6c12a1c9a236bf9f10607d39cff2cfcf3406.exe
Resource: win7-20221111-en

Behavioral task
behavioral2
Sample: 1430fc7b02d27de2472ec82b085e6c12a1c9a236bf9f10607d39cff2cfcf3406.exe
Resource: win10v2004-20220812-en

Malware Config

Targets
Target: 1430fc7b02d27de2472ec82b085e6c12a1c9a236bf9f10607d39cff2cfcf3406.exe
Size: 689KB
MD5: ceba3a31aeda8eea8efc26bb787ec690
SHA1: b3a8b39e8438984ba680fe597df728940ed09a66
SHA256: 1430fc7b02d27de2472ec82b085e6c12a1c9a236bf9f10607d39cff2cfcf3406
SHA512: 139ce4a7e0fc91450beb6ab7a29711081db0e033902b5c385bc6408e65dbbcbd35e0621bdd4c2010ff15e91a818311f314d4f15e8f5d636e9d9994f3922a7e5f
SSDEEP: 12288:2cMkhWAEQ0J6rpEretKUjQ0kKSMtpSe2Tahcjd/1FhUxsBPGtVppPNF:czQ0J+EreVFkKSekehm/1FuxsetrhX
Score: 10/10

Checks QEMU agent file
    Checks presence of QEMU agent, possibly to detect virtualization.
Loads dropped DLL
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext