Overview

overview

7

Static

static

3

rLizzie234.exe

windows7-x64

7

rLizzie234.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    rLizzie234.exe

  • Size

    621KB

  • Sample

    230523-n6asksfb55

  • MD5

    5c06436cc09542efa8a55bb53fda3cb3

  • SHA1

    e4b1627e7741aa7504cfacf7cb57a8e4e873f975

  • SHA256

    1af5390c5886b3834bdc71c325178365018efb062c2922227585d14a1ae1703a

  • SHA512

    9d98a3967f1a7968b99ffbaf457738c6bd5ef78e909ef1159c901eff964f190bbf7924d85bce35b342fc81a5eae60d19bcc59098cb205d5b0a41cb89ade80462

  • SSDEEP

    12288:04+L3gMNEauRir739UP+iexV6wZVm827wAI8yM0nRwfoWRgyZOr8qiEE7Gm:a80EauRir7NUPoS7w71VRwfoWRgy4Yqc

Score
7/10
discovery

Malware Config

Targets

    • Target

      rLizzie234.exe

    • Size

      621KB

    • MD5

      5c06436cc09542efa8a55bb53fda3cb3

    • SHA1

      e4b1627e7741aa7504cfacf7cb57a8e4e873f975

    • SHA256

      1af5390c5886b3834bdc71c325178365018efb062c2922227585d14a1ae1703a

    • SHA512

      9d98a3967f1a7968b99ffbaf457738c6bd5ef78e909ef1159c901eff964f190bbf7924d85bce35b342fc81a5eae60d19bcc59098cb205d5b0a41cb89ade80462

    • SSDEEP

      12288:04+L3gMNEauRir739UP+iexV6wZVm827wAI8yM0nRwfoWRgyZOr8qiEE7Gm:a80EauRir7NUPoS7w71VRwfoWRgy4Yqc

    Score
    7/10
    discovery

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks