General

  • Target

    Cobaltbghdbghich11_browsingExe.exe

  • Size

    1.1MB

  • Sample

    230802-wthawshh51

  • MD5

    4dcc8b1dd2b3895dd93526c6c9f3ac47

  • SHA1

    36dbd2bd1090b5eb1acbf44663bc7ebe9a82a66c

  • SHA256

    3d0fd0444a9e295135ecfdc8c87ddc6dcdff63969c745e0218469332aef18dfe

  • SHA512

    9015f51aa639c86e49b42ed3f7d6dbc71f26563c4313e5c90fd19c0e32fc4cd917d3e368a0db981a6fede04c08a4c19c766c0bda8d7fb6516461ae1093bfa331

  • SSDEEP

    24576:+NY2wPzlsdAtgC5kg3VsuhTU2XQAWZ1n4D:Oj+XknuhThSnW

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks