General

  • Target

    tmp

  • Size

    420KB

  • Sample

    230711-rme5qsae8v

  • MD5

    601f2b22a16a96c9ddaae24e2c5611f2

  • SHA1

    cc7e8c661cecd541b5134cf06011031dd164c58a

  • SHA256

    8c63c1e28683c7aa90cb40df346fe1d5dbc3b2bd994cd883cd7e551518486098

  • SHA512

    12dcf65c54e2d647ae90a0433a22d70e0fa6624ea524a72ad2b4ca635cad92961a6a6d341b228733ba0b477bcbda54d31545916daec51d3ff178b27d0d8ce7c7

  • SSDEEP

    6144:kC2guh2RGxfWgrfXQi12xMhtj3+z0N+Y9uVza:fY2sxuUfXB2xMfbsS+YsVza

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
