f346b6866b789bed0bdff1e5435f63dc037822b781ae1f61d4786a3f802e69cf | Triage

Resubmissions

30/05/2023, 21:26

230530-1ajf3abg43 7

30/05/2023, 15:05

230530-sggl2sac53 10

Sharing

General

Target

New_Order#P23053006.iso
Size

252KB
Sample

230530-1ajf3abg43
MD5

a592ff3ed5e9b5372ba2b7fb5afd25b4
SHA1

edb9db660f28ffb6d6d50a964508ede03db0ae82
SHA256

f346b6866b789bed0bdff1e5435f63dc037822b781ae1f61d4786a3f802e69cf
SHA512

683627c056155b9b83954dc9b05348e3dbc4f4480fd8125ad521f9ddd8691612eabd042aabf171f26d66e0a87e7db764ce1ed079338a9719db2631bee4e79190
SSDEEP

3072:EMQwWTgwiv46uBubKtb7m2jCUTUOQ5GNypjvpb9DRKC7qtzqtFiofn/UPx+4JiPi:hp+ggKKV9y9vl9DRKCGqD/UPx+4Tf

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  New_Order#P23053006.iso
- Size
  
  252KB
- MD5
  
  a592ff3ed5e9b5372ba2b7fb5afd25b4
- SHA1
  
  edb9db660f28ffb6d6d50a964508ede03db0ae82
- SHA256
  
  f346b6866b789bed0bdff1e5435f63dc037822b781ae1f61d4786a3f802e69cf
- SHA512
  
  683627c056155b9b83954dc9b05348e3dbc4f4480fd8125ad521f9ddd8691612eabd042aabf171f26d66e0a87e7db764ce1ed079338a9719db2631bee4e79190
- SSDEEP
  
  3072:EMQwWTgwiv46uBubKtb7m2jCUTUOQ5GNypjvpb9DRKC7qtzqtFiofn/UPx+4JiPi:hp+ggKKV9y9vl9DRKCGqD/UPx+4Tf
Score

3^/10
behavioral1
- Target
  
  NEW_ORDER_P23053006_0800677.EXE
- Size
  
  208KB
- MD5
  
  2bf0615d52827d7a58c3854b632c6af3
- SHA1
  
  c351d40b0e8caef853b82a1ed81c5c84d5f60765
- SHA256
  
  c184c915ae27f4475a0442f4ef63ef6b2901da26c14c6fd9633139017384cf0d
- SHA512
  
  b9e5a84ac90882643ff09f65d3bce2470c3d17f9ab9792512b10452a3125a8512b8ba869796aecff27f7f84a269e024ac92b0a57d61a3fb17cd882ee8c0f6266
- SSDEEP
  
  3072:bMQwWTgwiv46uBubKtb7m2jCUTUOQ5GNypjvpb9DRKC7qtzqtFiofn/UPx+4JiPX:Qp+ggKKV9y9vl9DRKCGqD/UPx+4Tfs
Score

7^/10

discovery
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2