General

  • Target

    ASCD23104 SPEC.exe

  • Size

    332KB

  • Sample

    230802-kyw43afa2t

  • MD5

    bd5b02844aa6410f0369e0b07fcffcb3

  • SHA1

    a87a1ba2cda550b43502a3afcb355f59e86a9ca4

  • SHA256

    363b7aaa875c65c3c134a3c2051a4bd8fa5a9a1376597609f95a43b219e56bd3

  • SHA512

    b6138b0e06a8aa86b37a9f6941e195626ac13c1cd8f7ae8719929489d3906d1df20c151519f287d3d73e8115be98bd03e00fda722386b64579b88bb02e254ddc

  • SSDEEP

    6144:NQ606x3uwBN3FrNRm9vtTpd0NZtQQnS0EKlsT6JIyy8T:nhBNM0pEMsT6By8T

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks