General

  • Target

    RE INV.NO.1423200071 DECOSTER.vbs

  • Size

    10KB

  • Sample

    230802-kq1saaeh3s

  • MD5

    9127b986f6b8b55cc8faa723accd3658

  • SHA1

    2c00263ac7b91fc3a150e3bba231e73d3d2672fb

  • SHA256

    8dd3efc8964659b8c8543d8ccc9b76768cb98eab1080f17a3e7ef31f4df1a2e7

  • SHA512

    838a0d995b3d14ab91147c6e4f963df34cddbe2ac344bdd98d3d5bdcea08d463725e878fc55395d0edb703d1b63b520fdce82b0fb2c6e949da4d9b594c85f4b6

  • SSDEEP

    192:EL2f6ltP1LsfgyTWEgF4nssbpPtNchpSKBZV7Ej9m+OSgGHTz:E6fUNwWMbNtNcnBva4QHTz

Score
10/10

Malware Config

Targets

    • Target

      RE INV.NO.1423200071 DECOSTER.vbs

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks