General

  • Target

    FacturasPagadasalVencimie.exe

  • Size

    599KB

  • Sample

    230710-qqcy4sbf81

  • MD5

    8b659a21de4ab804803b132238948fc9

  • SHA1

    465877da2e637cfd453b0ff0eb93c5ce1025b55e

  • SHA256

    68cf967f38f44205a0d7996e4b06956241c1c340844d22012de2605f6680c736

  • SHA512

    53e35c4ed18188655af5b8751a2c4ed21b50180f7ea0cc09a93cbdc6a554d7b8716672dcb1da3c9db13d1e7879e732ef7673cc25f5c21d3fc293ffb8d95b70a0

  • SSDEEP

    12288:jRbeidoEmJ1XlznfV4/Xw+3ItiKjV4hBjTdb4U2gbzQ:xIEm/Xlznt4/h3ItiK54hVTPQ

  • Score

    10/10

Targets

    • Target

      FacturasPagadasalVencimie.exe

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
