General

  • Target

    0f849525b31bc8eb26642e47cdcf9a3b9c945e5e481dd427a3175486278ac2db

  • Size

    709KB

  • Sample

    230705-eayebsad22

  • MD5

    357f9298368e64b2febeb6742f0a2552

  • SHA1

    ba9efdb353c2485666991c44d3aa699ee8802d3d

  • SHA256

    0f849525b31bc8eb26642e47cdcf9a3b9c945e5e481dd427a3175486278ac2db

  • SHA512

    3369cf6e8b392223bb34acac767000dac773547a3ca6bc70d2d3ac0ce73a297377dd224dfc006ddbcea149f6510e4c17e62a03354e74a9e52ec20edf0374778b

  • SSDEEP

    12288:dgQ44tKy5S3Uc7I6aA+SHGvwygKbUliOLQdxR8pSwM4vXVFQIq:d0CKMgUUa71wliJ2pSV4PvQf

Score
7/10

Malware Config

Targets

    Score
    7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
