f1fbf324610906410a9c24bbdc2088647164cbacfcff400382cfa83a025c2984 | Triage

Sharing

General

Target

babatexb.zip
Size

279KB
Sample

230420-qr4hfsab64
MD5

5a826bf5a9cc46cabf638ab4bd94161a
SHA1

7e6dd286f0de95437f48369d72d7f4e7e6485e1f
SHA256

f1fbf324610906410a9c24bbdc2088647164cbacfcff400382cfa83a025c2984
SHA512

6459e491aa98a9572f2572243574d6705b5a65a99678265096c2456ae69b73194282b823ee05da1b38a17a2092d5d7ac421e9893d556e7fec59d1756101a5f39
SSDEEP

6144:c+QWb3+GOT7Luzq+gNVkSteEvi+LXmqKMMYVaGUaLP/AcpAW:c+16T+23RezqWq9aGp/lpL

Score

7^/10

Malware Config

Targets

- Target
  
  facturas.bat
- Size
  
  625KB
- MD5
  
  5192e989e4127439bf8d14df260b0012
- SHA1
  
  4ca7737e47bb98da7a2aa764f680a0f782244f5e
- SHA256
  
  8fdf3ed254c5e95ac1f1e6647a2ae33123c8635aff1a167c9e59fc1c7516f711
- SHA512
  
  bf865bf5d90592e50547813d5c909c5c784934a45b2ee4002c3dea630b7680895728c5520ebf940966d7024d07be15b954eed4185fde7f04afc099d99211278d
- SSDEEP
  
  6144:sMm4CCHM4NL26fgvL6p1K6tCNmeiR9zwdXcBoTo:sMwg/NL26fgvOKkCmeiz08oTo
Score

7^/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1