Resubmissions

06/07/2023, 09:21    230706-lbk9qahg34    10

03/07/2023, 08:49    230703-kq1saaff98    7

03/07/2023, 07:40    230703-jhysaagf61    7

General

  • Target: mal.zip

  • Size: 655KB

  • Sample: 230703-kq1saaff98

  • MD5: 1fd2e5598fba7f2444656539002ea3ef

  • SHA1: 4a70136acc1464700ae288cbef8bb56fd23412c8

  • SHA256: c6993db1774687d818704c43700dbe90c28e7d49d3600f0a62c6dba13b78b75f

  • SHA512: e751a61e75feb0564342ff04273e08264386661b70ac5c834af187a60122706aa2d2e0fd2e075c2cf92988c60582234796a20a6f3b58351307e2ba8d95b45ec5

  • SSDEEP: 12288:+2AVccL/x/otMXE0HHsxuLPsDLqDvvvzxkakafYlVxAEzKMt1XT4uydyTFFUJN8A:+26cK2atH+2083vzxZfQVlydyTGNn/

Score
7/10

Malware Config

Targets

    • Target: mal.exe

    • Size: 671KB

    • MD5: 9c9fee48c670a7435af22f5cb3d6bb69

    • SHA1: 8219329c697ac380345f74accbecc6f9acad7343

    • SHA256: 5b0e178c1c0fdfa05a22fb3d1e1d83b6a9ed594135dbdc98817af1ae5aa16be4

    • SHA512: a82258b30e8e1c85a9e6287603e8a57e62002b180d39b55676afe2bd87cc9694478f438d7d8e5a8dd79f705fabf454a252d27db4b04ae2248d76b094e7b5c903

    • SSDEEP: 12288:u8ai5vgEOWxomDCITWs/VoWuxKt2nsnBlkqCxSOiWz:uY7omDCIpQxKt2ilySOfz

    Score: 7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks