General

Target: ORDERHNCWA2069528MEVBILOM.exe
Size: 278KB
Sample: 230710-qrrtnabg2v
MD5: c7fde6e1eaf7c691079ec36a0cbf7abe
SHA1: bfc774215a1df2ee860cd8d5d131dadbc7e7763a
SHA256: d75c6300a7db46a94eda087e3034608a13befbaab2f306e4c34a2cfb4b88f5c2
SHA512: 5c88ef685184e75ff6a85f416d8722464ce6c585aac641a18b7bb352f866f623de3a3608330327aded44b1951d2257c93ff69a6e1ea2bb9df211a9bafea8387d
SSDEEP: 6144:kT4DtwaWeUWsvrswamdZTuCMieKz5T/2gSo2hk40ex:kTLaWeTsvrUmXRumT0o2jx
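Before analysing a copy of this sample it is worth confirming that the file in hand is byte-identical to the one the sandbox ran. The helper below is an added example, not part of the sandbox report: it hashes a file once with every fixed-length algorithm listed above and reports each digest that differs. The SSDEEP value is a fuzzy hash that needs the non-standard ssdeep library, so it is left out; the digest values in REPORT_DIGESTS are copied from the General section.

```python
"""Confirm a local sample matches the digests listed in this report."""
import hashlib
import os

# Digests copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "c7fde6e1eaf7c691079ec36a0cbf7abe",
    "sha1": "bfc774215a1df2ee860cd8d5d131dadbc7e7763a",
    "sha256": "d75c6300a7db46a94eda087e3034608a13befbaab2f306e4c34a2cfb4b88f5c2",
    "sha512": "5c88ef685184e75ff6a85f416d8722464ce6c585aac641a18b7bb352f866f623de3a3608330327aded44b1951d2257c93ff69a6e1ea2bb9df211a9bafea8387d",
}


def digest_stream(chunks, algorithms=tuple(REPORT_DIGESTS)):
    """Hash an iterable of byte chunks with every algorithm in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file from disk so large samples do not have to fit in memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare(actual, expected=REPORT_DIGESTS):
    """Return {algorithm: (expected, actual)} for every digest that differs.

    An empty dict means the file is byte-identical to the reported sample.
    A partial mismatch (e.g. md5 equal but sha256 different) would point to a
    collision or a transcription error and deserves a second look.
    """
    return {
        name: (expected[name], actual.get(name))
        for name in expected
        if actual.get(name) != expected[name]
    }


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample>
    path = sys.argv[1]
    print(f"{os.path.getsize(path)} bytes (report says 278KB)")
    mismatches = compare(digest_file(path))
    if not mismatches:
        print("all digests match the report")
    for name, (want, got) in mismatches.items():
        print(f"{name}: expected {want}, got {got}")
```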
Static task: static1

Behavioral task: behavioral1
Sample: ORDERHNCWA2069528MEVBILOM.exe
Resource: win7-20230703-en

Behavioral task: behavioral2
Sample: ORDERHNCWA2069528MEVBILOM.exe
Resource: win10v2004-20230703-en
Malware Config

Targets

Target: ORDERHNCWA2069528MEVBILOM.exe
Score: 10/10

Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization. The QEMU guest agent is only installed inside QEMU/KVM guests, so a hit is a sandbox-evasion indicator; expect the sample to behave differently on bare metal or in a sandbox that hides the agent.

Loads dropped DLL
The sample loads a DLL that it wrote to disk during execution.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events for that thread from being delivered to an attached debugger; a common anti-analysis technique.

Suspicious use of SetThreadContext
Rewriting another thread's register context is typical of process hollowing and other injection techniques. The report does not name the target process, so confirm it from the behavioural trace before drawing conclusions.
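The four behaviours above can be spotted in an API trace without relying on the sandbox's own signature engine. The script below is an added example by the editor, not output or code from the sandbox: it parses a constructed trace (the `pid=... api=... args=... ret=...` line format, the API names and the paths in SAMPLE_TRACE are all assumed for illustration and do not reproduce this report's real trace) and applies one rule per reported signature. The QEMU guest agent path (`qemu-ga`), the Uninstall key path, and the CREATE_SUSPENDED / WriteProcessMemory / SetThreadContext sequence used as the process-hollowing heuristic are the editor's assumptions about what the signatures key on.

```python
"""Rule-based triage of a sandbox API trace for the behaviours in this report."""
import re
from dataclasses import dataclass

# Constructed trace for illustration; not the sandbox's own output format.
SAMPLE_TRACE = """\
pid=2116 tid=2120 api=CreateProcessW args=lpApplicationName="C:\\Windows\\System32\\target.exe";dwCreationFlags=0x4 ret=1 newpid=2440
pid=2116 tid=2120 api=NtSetInformationThread args=ThreadHandle=0xfffffffe;ThreadInformationClass=17 ret=0
pid=2116 tid=2120 api=CreateFileW args=lpFileName="C:\\Program Files\\qemu-ga\\qemu-ga.exe" ret=0xffffffff
pid=2116 tid=2120 api=RegOpenKeyExW args=hKey=0x80000002;lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" ret=0
pid=2116 tid=2120 api=WriteProcessMemory args=hProcess=0x1a4;targetpid=2440;lpBaseAddress=0x400000 ret=1
pid=2116 tid=2120 api=SetThreadContext args=hThread=0x1a8;targetpid=2440;targettid=2444 ret=1
pid=2116 tid=2120 api=ResumeThread args=hThread=0x1a8;targetpid=2440 ret=1
"""

LINE_RE = re.compile(r"^pid=(\d+) tid=(\d+) api=(\w+) args=(.*?) ret=(\S+)(?: newpid=(\d+))?$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^;]+)')

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit (documented Win32 value)
THREAD_HIDE_FROM_DEBUGGER = 0x11       # THREADINFOCLASS value 17


@dataclass
class Call:
    pid: int
    tid: int
    api: str
    args: dict
    ret: str
    newpid: str = ""   # only present on process-creation calls in the assumed format


def parse(trace):
    """Turn the assumed one-call-per-line trace into Call records."""
    calls = []
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not an API call line
        pid, tid, api, raw_args, ret, newpid = m.groups()
        args = {k: v.strip('"') for k, v in ARG_RE.findall(raw_args)}
        calls.append(Call(int(pid), int(tid), api, args, ret, newpid or ""))
    return calls


def detect(trace):
    """Return (category, message) findings, one per matching rule, in trace order."""
    findings = []
    suspended = set()    # child pids created with CREATE_SUSPENDED
    overwritten = set()  # suspended children that later received WriteProcessMemory
    for c in parse(trace):
        a = c.args
        if (c.api == "NtSetInformationThread"
                and int(a.get("ThreadInformationClass", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER):
            findings.append(("anti-debug",
                             "NtSetInformationThread(ThreadHideFromDebugger) hides the thread from a debugger"))
        elif c.api in ("CreateFileW", "CreateFileA", "GetFileAttributesW") \
                and "qemu-ga" in a.get("lpFileName", "").lower():
            findings.append(("vm-check", f"probed QEMU guest agent path {a['lpFileName']}"))
        elif c.api.startswith("RegOpenKey") and "currentversion\\uninstall" in a.get("lpSubKey", "").lower():
            findings.append(("recon", "enumerates installed software via the Uninstall registry key"))
        elif c.api.startswith("CreateProcess") and int(a.get("dwCreationFlags", "0"), 0) & CREATE_SUSPENDED:
            suspended.add(c.newpid)
        elif c.api == "WriteProcessMemory" and a.get("targetpid") in suspended:
            overwritten.add(a["targetpid"])
        elif c.api == "SetThreadContext":
            target = a.get("targetpid", "")
            if target in overwritten:
                findings.append(("injection",
                                 f"SetThreadContext on suspended child {target} after WriteProcessMemory "
                                 "(process-hollowing pattern)"))
            elif target and target != str(c.pid):
                findings.append(("injection", f"SetThreadContext on a thread of foreign process {target}"))
    return findings


if __name__ == "__main__":
    for category, message in detect(SAMPLE_TRACE):
        print(f"[{category}] {message}")
```

The hollowing rule deliberately requires the full sequence (suspended child, memory written into it, then SetThreadContext on that child) before calling it process hollowing; a lone SetThreadContext on a foreign thread is still reported, but only as generic injection, which matches the report's more cautious "suspicious use" wording.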