General

  • Target

    Signed_businessConfirmation_Reference-09282-QIIEE__127KB_000289272653.vbs

  • Size

    5KB

  • Sample

    230717-fyg8paba4z

  • MD5

    98c31b202cc3fd8c47b61f085dd4ebfc

  • SHA1

    c678fb695edcb72af3d82f52f1b8292f17398a2e

  • SHA256

    fb7b4de6fe1e517caccbdde9450c7c42d5ba1a42e0a5e5c14e362aeb6ad67745

  • SHA512

    70a0022efaaf7cbbfa3bf4da057a301b8455a844b25510db7db77690fe714d6a7de210647444792a6eee5b53a731b35558eca0077b56f81a5b97bde19c0ba13e

  • SSDEEP

    96:uthC/xE7YcYmAcQ03Lo4PMX0GFf66OticvLmC4EdR4Z8Y:OhC/3NmAcQ03Lo4kX0GFfZOtVL3I8Y

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
