General

  • Target

    OVERDUE.EXE

  • Size

    348KB

  • Sample

    230712-hbnhasdc2w

  • MD5

    ae340bfc442660f131a75fff9f357219

  • SHA1

    69c627c851f0064e5209431882fda6dbf68fb701

  • SHA256

    ab85d237bee85a4e9d28f837e04d0d45ce410705e2dbdbe7c6c64f7716614d0a

  • SHA512

    c136324746bf2690131c98fc1e866c941d78ccc72d1f58e757312f3772c6ac9c62384933d571dfc5958b7a12eb7d34a164c796c537974fbff6764d9d19d72b51

  • SSDEEP

    6144:NhtyHU3lxVrDN4pAmdoDimE+6TK5j4D/2d4Q4SOCBazg95ccbsc+sbiuiJ:NhrrDqpAmCDi06TK5j40kSOCEk9dsfsO

Score
10/10

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, possibly to detect virtualization.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks