General
Target: 2d6a63d1f864741c1c4d8515446ed037.bin
Size: 365KB
Sample: 230605-mqe7page31
MD5: 9c58c1cee270176923c27edc4d283019
SHA1: 8c10a92056109b18b94456755cffcaf6a0bbc8c6
SHA256: 624421b598fee6a752e2652267ea5de5073cd5e3335fca79159c2c24b83896ee
SHA512: 573675761aeb53de4ad070091f38aaa393af005f99b5bdca97c0e7fe836614342f0b84f47e273302ad1ccd08c20f53cc2713dc765e34af391f638790818bcfe3
SSDEEP: 6144:it0fcz0AEgU+JlDVLpONYyALyj82CBF59owbMuv4OLkwDklEbrjGMF:LvzDEONrCyY2CBz9oFuvN9fnJ
Static task: static1
Behavioral task: behavioral1
  Sample: 55533764f70c4e81f7d8fa92ce1fdd8b6430768d4d224aed6b4694d217bfb0e5.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 55533764f70c4e81f7d8fa92ce1fdd8b6430768d4d224aed6b4694d217bfb0e5.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 55533764f70c4e81f7d8fa92ce1fdd8b6430768d4d224aed6b4694d217bfb0e5.exe
Size: 482KB
MD5: 2d6a63d1f864741c1c4d8515446ed037
SHA1: 00ffca47055abbeb9ffb0f3ef1071a4a496a415b
SHA256: 55533764f70c4e81f7d8fa92ce1fdd8b6430768d4d224aed6b4694d217bfb0e5
SHA512: 9f3c2f59145ec86b6302b00945ad6d83d275283e8527b052b32aba5c68abcee3cb0b4a93bf84fe7be4185b481abeb351c554b64ea59250f05b7561408b584fe3
SSDEEP: 12288:72iEEEEEEUEEEEEEE0EEEEEEEYT/kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkq:7ngTcN+kLuBhDZbJ3PmaO4
Signatures
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext