6578a27c9a339ad280d54a724c86f4c5a864fcd1da54b732fbbce40d861447da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6578a27c9a339ad280d54a724c86f4c5a864fcd1da54b732fbbce40d861447da.exe
Size

636KB
Sample

230303-pt2wzahe23
MD5

bc1a9800f4c13bfcc141d8a76dc1080e
SHA1

4d49fa464c6a3529f64ece36c2e8a40be3147a74
SHA256

6578a27c9a339ad280d54a724c86f4c5a864fcd1da54b732fbbce40d861447da
SHA512

88b1d206641cea4b5a94027c35658a2c8cbcd88539018b1d55beec999f5b72d00132f457e0b4042eaee3c186798281c9e0b8fd48d11f5ab5591613b4124a9c90
SSDEEP

12288:/f1Pc3O4JEYX3z2PrQbikTFH8oNTY8SIsH699zgUtQ:m3O4jqrEH8oNMZIXzQ

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  6578a27c9a339ad280d54a724c86f4c5a864fcd1da54b732fbbce40d861447da.exe
- Size
  
  636KB
- MD5
  
  bc1a9800f4c13bfcc141d8a76dc1080e
- SHA1
  
  4d49fa464c6a3529f64ece36c2e8a40be3147a74
- SHA256
  
  6578a27c9a339ad280d54a724c86f4c5a864fcd1da54b732fbbce40d861447da
- SHA512
  
  88b1d206641cea4b5a94027c35658a2c8cbcd88539018b1d55beec999f5b72d00132f457e0b4042eaee3c186798281c9e0b8fd48d11f5ab5591613b4124a9c90
- SSDEEP
  
  12288:/f1Pc3O4JEYX3z2PrQbikTFH8oNTY8SIsH699zgUtQ:m3O4jqrEH8oNMZIXzQ
Score

7^/10

persistence
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2