General

  • Target: unaugmentative.exe
  • Size: 684KB
  • Sample: 230518-fjh7fagg6x
  • MD5: f4f8aa33be37944caa797974dd05ef42
  • SHA1: 560f24bc30646f11814617bcdbbe40bf208a674a
  • SHA256: a12c0cba66449b46e1186671fab58ba802ebf1ba938619e1239d74b733c79afe
  • SHA512: ed365eeb0f978e7cb8fc1ea0c12faaf3ff913214bc896df99bfcf9ab03a74b319e64bc0c1b33f7752d1d8659e57f566c18c22d839edbe72a6bd75f80f9626d83
  • SSDEEP: 12288:phrO+j2I2llYaIwGPZiy6RRXju3SP3d9mSSF6UWQE/onCO6P:ptxj2IMCZZ633PKWQE/V

Score
7/10

Malware Config

Targets

    • Checks QEMU agent file: checks for the presence of the QEMU agent, possibly to detect virtualization.
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Loads dropped DLL
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of NtCreateThreadExHideFromDebugger
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks