General

  • Target

    ORDER #00092567.exe

  • Size

    321KB

  • Sample

    230803-htsjzada9z

  • MD5

    5061bf130261d76ad62329cd75696c83

  • SHA1

    c0482ece1fbec6256f8190d083d61bec63659b5f

  • SHA256

    a7c10ffd303c483eabbfab4e29543e4689d5ba63e79b8f55fbf1994fcf81b4b3

  • SHA512

    3afdc095a095474dfd09b8f6a148b643f744f2147e1f2dfec9e262186dd17bf8b306522a2f1a3b70acda3e1904aa169505589d5b2e2e9bf3ae44aad8472bd69d

  • SSDEEP

    6144:jQLFhcaoWaYRDe/zecQ4ZTCKDrBLz+6Gx2B7Hthm7A7O0kZ5fgv:0FaaoJye/zeMPZzw2B7+F7Zda

Score
10/10

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks