General
- Target: REQUEST FOR OFFER (University of Parma) 9-02-23·pdf.exe
- Size: 564KB
- Sample: 230209-m6vmbahg58
- MD5: cae675beb80ed1fae88d407271ed397e
- SHA1: ddf46550655ca7c075496821d90fb7f5706ee9d7
- SHA256: 5a70453a6b4f6a5dfd956507dcb364fa07bd6517f87ee23ed6d703f7ec1f6599
- SHA512: cd616b5497a16f5dcd172844ea6652e0d37f4549ce37a9928c125e8776f5c4eddb0ea930a3169ec8fa551121b194edef3a2d8adbd6d3adfa84bd08f143e48835
- SSDEEP: 12288:GkyEGBEcfVj2sEjQS0Y+N8v2ocCSivrlicgs7LVpr6O:eHBbVKsIQSY8vcKGshx6O
Static task
- static1

Behavioral task
- behavioral1
  Sample: REQUEST FOR OFFER (University of Parma) 9-02-23·pdf.exe
  Resource: win7-20220901-en

Behavioral task
- behavioral2
  Sample: REQUEST FOR OFFER (University of Parma) 9-02-23·pdf.exe
  Resource: win10v2004-20220901-en
Malware Config

Targets
- Target: REQUEST FOR OFFER (University of Parma) 9-02-23·pdf.exe (564KB; hashes as listed under General above)
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext