f207d6c347be657ee166d029d08e30b6ebed5166ead65740a6f6b0a82a443cf7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c41a193a8a112c28c778d3250ae34ba.exe
Size

8.7MB
Sample

230808-hjl97sce61
MD5

4c41a193a8a112c28c778d3250ae34ba
SHA1

955471e23c3af5cc4776d7b7159942401aadb56a
SHA256

f207d6c347be657ee166d029d08e30b6ebed5166ead65740a6f6b0a82a443cf7
SHA512

83d239339e80766c9c6d97b34a7d92726f8913bf6ca843f6c5b2b1212b25ddeccaf1132c5baa840c8346d50153bbd446278081ca86dce090d4528c9ea00e6008
SSDEEP

196608:X39pC/8iQyDLGA8WwlmrddlhvKhI+GrBTxsqcLWdsOP1O4Vo61:X3nC/eq1Dwlm5dl4aZ8NOpou

Score

7^/10

Malware Config

Targets

- Target
  
  4c41a193a8a112c28c778d3250ae34ba.exe
- Size
  
  8.7MB
- MD5
  
  4c41a193a8a112c28c778d3250ae34ba
- SHA1
  
  955471e23c3af5cc4776d7b7159942401aadb56a
- SHA256
  
  f207d6c347be657ee166d029d08e30b6ebed5166ead65740a6f6b0a82a443cf7
- SHA512
  
  83d239339e80766c9c6d97b34a7d92726f8913bf6ca843f6c5b2b1212b25ddeccaf1132c5baa840c8346d50153bbd446278081ca86dce090d4528c9ea00e6008
- SSDEEP
  
  196608:X39pC/8iQyDLGA8WwlmrddlhvKhI+GrBTxsqcLWdsOP1O4Vo61:X3nC/eq1Dwlm5dl4aZ8NOpou
Score

7^/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2