General
- Target: 4.exe
- Size: 286KB
- Sample: 230803-ppvbbsdb92
- MD5: 57cdb794c38f3cae75b6087bbf269689
- SHA1: f34e07b43018f3f8bd1966c7340ae76fdbcf2dff
- SHA256: b5d89e4524bd7370e1647f8a890e252415699233c30ea07d22847651577b6ac2
- SHA512: 1cafe96a8700b757782f524d978d73558ae6b33d68cc3ca9483e7091deda0e8e477b386e57e7decff9b14cd90ceed062fe540c2b96cc4f260a9a91150c18ae2f
- SSDEEP: 6144:TQ606x7l5nJfQp4M/wFL4v6bUMnuvU7Nh8rUsFTBVeFS6JIyy8M:3h1Qpn/k4v1PuN+lOS6By8M
Static task
- static1

Behavioral task
- behavioral1: Sample 4.exe, Resource win7-20230712-en

Behavioral task
- behavioral2: Sample 4.exe, Resource win10v2004-20230703-en
Malware Config
Targets
- Target: 4.exe
- Score: 10/10
- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext