General

  • Target

    4.exe

  • Size

    286KB

  • Sample

    230803-ppvbbsdb92

  • MD5

    57cdb794c38f3cae75b6087bbf269689

  • SHA1

    f34e07b43018f3f8bd1966c7340ae76fdbcf2dff

  • SHA256

    b5d89e4524bd7370e1647f8a890e252415699233c30ea07d22847651577b6ac2

  • SHA512

    1cafe96a8700b757782f524d978d73558ae6b33d68cc3ca9483e7091deda0e8e477b386e57e7decff9b14cd90ceed062fe540c2b96cc4f260a9a91150c18ae2f

  • SSDEEP

    6144:TQ606x7l5nJfQp4M/wFL4v6bUMnuvU7Nh8rUsFTBVeFS6JIyy8M:3h1Qpn/k4v1PuN+lOS6By8M

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks