General

  • Target

    tmp

  • Size

    466KB

  • Sample

    230718-pxpe2sba5s

  • MD5

    210b741e2da121370c2521e56fd1a1c6

  • SHA1

    679b47ca2ed1d3b1131239914149ff0a68670ddb

  • SHA256

    e0e89acf0231414faae852330d13f6bafcc6c1ef66f3fdf08d5ee82363977469

  • SHA512

    68754122d90efb108e0012dfa611bbed333032527254d9dc515ecee11974aef29a982807b177fde9841d6ff4d878a7e7860c450bf9c8a7fd804026960b6220d7

  • SSDEEP

    6144:xIw3AEsnWaFcWjU0DBS9grh/B9EFkYedPeDA17SzwbkBlQCS:uEsnWaFv4grh598ZAecg8bk7QV

Malware Config

Targets

    • Target

      tmp

    • Size

      466KB

    • MD5

      210b741e2da121370c2521e56fd1a1c6

    • SHA1

      679b47ca2ed1d3b1131239914149ff0a68670ddb

    • SHA256

      e0e89acf0231414faae852330d13f6bafcc6c1ef66f3fdf08d5ee82363977469

    • SHA512

      68754122d90efb108e0012dfa611bbed333032527254d9dc515ecee11974aef29a982807b177fde9841d6ff4d878a7e7860c450bf9c8a7fd804026960b6220d7

    • SSDEEP

      6144:xIw3AEsnWaFcWjU0DBS9grh/B9EFkYedPeDA17SzwbkBlQCS:uEsnWaFv4grh598ZAecg8bk7QV

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks