General

  • Target: DRAFT_DOCUMENTS_REF-QUWUE-283837129KB_000000000000000000000000000000000000000.xxe
  • Size: 6KB
  • Sample: 230710-qhpmyabe9v
  • MD5: 92a86f52d948a7fdd5dc8c0eae582a95
  • SHA1: 00ce1ad3e8345982c3169559fa253aad49015938
  • SHA256: 423224d4da8a185c85e869d7e518718d494454707f3b9b2044ccd723abbcbfb9
  • SHA512: e56cf929903b0e08dea189956594bc7a8c49f986201e72ce9c2204f88e87c6db350d965362b4795333fa52b13fdcac01fd8404da7e319b18e34306bf56083182
  • SSDEEP: 192:m0NInppxYJrd+3Lm+IQT5pvao1q3GkctMYr2j:TAYtd+3LPIApvT1UYij

Targets

  • Target: DRAFT_DOCUMENTS_REF-QUWUE-283837129KB_000000000000000000000000000000000000000.cmd
  • Size: 4KB
  • MD5: 760e2fb03f43380dd12281ad272e52b7
  • SHA1: 7e4855211ca54dd71e41deb15a65c50628061cd1
  • SHA256: d5a30f5717a8b0ae5f4f5d367d934528bd5e989aa15564477fd6a55a8548e65c
  • SHA512: fb90669f93ec05d8717d2f520f7118f07a18da7e4795ffc39b281c314f1b52a6494317bb8576d3366d604b91aa37d147514ddd5df3364f385747bd180de076f3
  • SSDEEP: 96:KZcsl1u0BTJLjoMcxhRcGY6tJTNuTI0hhAYKMBBGZIO5vVue46X5WTFHs5mnZbCq:crFBFLEMcaG3zITFWOBuH46XBmZWKQwT

  Signatures

  • Guloader, Cloudeye
    A shellcode-based downloader first seen in 2020.
  • Checks QEMU agent file
    Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
  • Adds Run key to start application
  • Suspicious use of NtCreateThreadExHideFromDebugger
  • Suspicious use of NtSetInformationThreadHideFromDebugger
  • Suspicious use of SetThreadContext
