General

  • Target: 4eb261a92a4ae327733ccafce2b754ed.dat
  • Size: 1.3MB
  • Sample: 230802-qxzfpaeh58
  • MD5: 4eb261a92a4ae327733ccafce2b754ed
  • SHA1: cdd90c4c3090e8e379ca1747caad2198cd4f6b75
  • SHA256: 0b0f704f04bef356ebaa315bc83f7b5c0960f8e607467012b9be201a14f2be4f
  • SHA512: 3973280d0220a8340b8d7ee39b6c7e1114afbf59c40611c4dfc7c942b158376963a664601376197697f7c3001505fc348c311f3b25d0a42badf58ee982a53856
  • SSDEEP: 24576:ohexvE/dXGe68HiIG0qgSKJ8jOnMN9rFHZROL/wCxHrJ67dp:SmEVKVZg8HZc/wCxL2

Score
10/10

Malware Config

Targets

    • Target: ryotwari.exe
    • Size: 1.3MB
    • MD5: dd2a7011a7d3f2e0d417e76b55184628
    • SHA1: e537fd1a984501e4181d5c91df31d7187bd05ec7
    • SHA256: 5a0f2b4601d99b0d4c3e81dcadeeb1a76cdc2e36e533c83cf4680646e6eb32d9
    • SHA512: 07981d445a67a0b99008bf5b7b2704fc4833df98f5f268a9eaeb0ac2b588e3566f7629c9fde6eef3d1fb1e5bda1ba5560c1ea32939a439b0983bc82e6ef3a456
    • SSDEEP: 24576:zhexvE/dXGe68HiIG0qgSKJ8jOnMN9rFHZROL/wCxHrJ67dpA:dmEVKVZg8HZc/wCxL2I

    Score
    10/10

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks