General

  • Target

    ORDERHNCWA2069528MEVBILOM.exe

  • Size

    278KB

  • Sample

    230710-qrrtnabg2v

  • MD5

    c7fde6e1eaf7c691079ec36a0cbf7abe

  • SHA1

    bfc774215a1df2ee860cd8d5d131dadbc7e7763a

  • SHA256

    d75c6300a7db46a94eda087e3034608a13befbaab2f306e4c34a2cfb4b88f5c2

  • SHA512

    5c88ef685184e75ff6a85f416d8722464ce6c585aac641a18b7bb352f866f623de3a3608330327aded44b1951d2257c93ff69a6e1ea2bb9df211a9bafea8387d

  • SSDEEP

    6144:kT4DtwaWeUWsvrswamdZTuCMieKz5T/2gSo2hk40ex:kTLaWeTsvrUmXRumT0o2jx

Targets

    • Target

      ORDERHNCWA2069528MEVBILOM.exe

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
