c2dbf46751c346aa33fe9d846bf934a7f880f37baee41539917e074b15ada779 | Triage

Sharing

General

Target

c2dbf46751c346aa33fe9d846bf934a7f880f37baee41539917e074b15ada779.exe
Size

546KB
Sample

230314-grflysfh6t
MD5

c380473d0e661db60d8ea5bf0de605d8
SHA1

5351776308d8c03a2e703aa758b0d4dc739ca643
SHA256

c2dbf46751c346aa33fe9d846bf934a7f880f37baee41539917e074b15ada779
SHA512

43257f2a675e83aca3491131b608b16403b43ed94149e70ac6626db2665737727ca26f210cc4ba5cf00c8dd5e792f26b8b38a13ceed25ec5ec341ec621814502
SSDEEP

12288:GzXrK1mPbNroeEEPQ3sKBNFg8L0jME/jL2:B14bNLOXNg8LqvLy

Score

7^/10

Malware Config

Targets

- Target
  
  c2dbf46751c346aa33fe9d846bf934a7f880f37baee41539917e074b15ada779.exe
- Size
  
  546KB
- MD5
  
  c380473d0e661db60d8ea5bf0de605d8
- SHA1
  
  5351776308d8c03a2e703aa758b0d4dc739ca643
- SHA256
  
  c2dbf46751c346aa33fe9d846bf934a7f880f37baee41539917e074b15ada779
- SHA512
  
  43257f2a675e83aca3491131b608b16403b43ed94149e70ac6626db2665737727ca26f210cc4ba5cf00c8dd5e792f26b8b38a13ceed25ec5ec341ec621814502
- SSDEEP
  
  12288:GzXrK1mPbNroeEEPQ3sKBNFg8L0jME/jL2:B14bNLOXNg8LqvLy
Score

7^/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2