General
Target: 0034fce6ab0a05dca93fbf84cc933bd2.bin
Size: 609KB
Sample: 230213-bcmttshg26
MD5: d655be06c44519615355b26c9e2331c6
SHA1: e96b85d728b14b80121abd44f086b4b703c9cbbd
SHA256: 7ded0823fe4911f4131276e603c3da24ebde856775f6d334e8cc850c9e18e6af
SHA512: c5b40be0651172432d4111863621b3e58b615e4f848c933b646ba50cbcb2cbfed39d76f99df124386fd6eeb1945dd18a2f6ed856b27282a9ed28db3353b3b166
SSDEEP: 12288:x9wcfHwikQqOEixarueDW/lAP9VIxZo15fOxZmzp/rQ32Z6CQcdE2ReDWh:JlkQHbxyP0lAExS5OAp/r6JtBDWh
Static task: static1
Behavioral task: behavioral1
Sample: 18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83.exe
Size: 873KB
MD5: 0034fce6ab0a05dca93fbf84cc933bd2
SHA1: b1614b89fd423326696a6dbaf40c56f82732f472
SHA256: 18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83
SHA512: 5c76e1dbf491051d08d2e679e284168086473ea57b84762f5cb22ff33f067806faf9bf55edd42f90fe7d3838d9d654a3918e64df10c9ceba34cf5aedf21370d8
SSDEEP: 24576:PuHL2plae9Fplb2MnJNhdjLiDueXf98l8mkyvl:kelaezHJO/8l8mkyvl
Score: 10/10
Signatures
Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext