General

  • Target

    prueba de pago-pdf.rar

  • Size

    456KB

  • Sample

    230808-q65dasch57

  • MD5

    8be7d694d376bbb14dcdfe4883224acb

  • SHA1

    257366e663ce589e4bc87379928c07ca82d5e771

  • SHA256

    fd7ab6b64dfe5d083da6f23cc6d2dee18bf7eb79ffb4ea9b053542391b591d03

  • SHA512

    8df5e3fc441f72d99e8ad1bc572613797170d3b488f660fc2bbd6f2522c24cdb6cec68ef0d1a5d09b6229cee27fabcc1ee29433a6874b06e41a3963829022812

  • SSDEEP

    12288:bt0HofYP0TDT43GyKiBIF06dQTUMmE//ll:Z0IfYP03sWriICsQTUJ0/ll

Score
10/10

Malware Config

Targets

    • Target

      prueba de pago.exe

    • Size

      560KB

    • MD5

      f635f99f740b1bd4f2e5c5d968bf3c4a

    • SHA1

      e9d73ba51502695bba19093b63370a431442d225

    • SHA256

      11a13f0291f2145e792f3f7d18a1c3747767e93b71292a9fdefed34d52dff3b8

    • SHA512

      1de9d951ab3f18dc476275820cbc0a1332cb3376dc3ce2562beb506f79534f971adc7ca20bdedac8ef752d798c2dab2b4a9432ba92d2622891990b0f99316c97

    • SSDEEP

      12288:xtHb13bWictv8DDM+1FwFj5u6R257MXXkuOaziOUeq:vbNrcx8DDY5u5VNazDg

    Score
    10/10
    • GuLoader, CloudEyE

      A shellcode-based downloader first seen in 2020; CloudEyE is an alternate name for the same family.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent on disk, most likely to detect that it is running inside a virtual machine or analysis sandbox.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk earlier in the run.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from reporting debug events to an attached debugger; a common anti-debugging technique.
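
The three behaviours listed above (QEMU guest-agent probe, ThreadHideFromDebugger, loading a DLL the sample wrote itself) are the kind of evidence an analyst wants pulled out of an API-call trace automatically rather than by reading it. The following Python is an added example and is not part of this report or of any sandbox's code. It scans a trace in an assumed `pid:tid Api(arg, arg, ...) = return` line format that is constructed for this example (real tools render calls differently, in particular file handles rather than paths on write/load calls); the sample trace lines are likewise constructed. The ThreadHideFromDebugger value 0x11 is the real THREADINFOCLASS constant; the `C:\Program Files\qemu-ga\` location is assumed to be the agent's default install path and is only matched on the `qemu-ga` component.

```python
"""Flag the evasion behaviours from the report in an API-call trace.

Example code written for this page; the trace format and the sample lines
are constructed for illustration and are not a real sandbox's output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# ThreadHideFromDebugger is THREADINFOCLASS value 0x11 (17). Once set, the
# kernel stops delivering that thread's debug events to an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Path component of the QEMU guest agent. The install directory
# "C:\Program Files\qemu-ga\" is an assumed default; matching only on the
# component also catches non-default locations.
QEMU_AGENT_MARKER = "qemu-ga"

# APIs whose first (constructed-format) argument is a file path.
FILE_PROBE_APIS = {"NtCreateFile", "NtOpenFile", "NtQueryAttributesFile",
                   "CreateFileW", "GetFileAttributesW", "FindFirstFileW"}
WRITE_APIS = {"NtWriteFile", "WriteFile"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryExW", "LdrLoadDll"}

# Assumed line format:  <pid>:<tid> <Api>(<arg>, <arg>, ...) = <return>
LINE_RE = re.compile(
    r"^(?P<pid>\d+):(?P<tid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S+)\s*$")
# Either a double-quoted string (may contain spaces and commas) or a bare token.
ARG_RE = re.compile(r'"[^"]*"|[^,\s][^,]*')


@dataclass(frozen=True)
class Finding:
    pid: int
    tid: int
    rule: str
    detail: str


def parse_args(raw: str) -> List[str]:
    """Split an argument list, keeping quoted paths whole and unquoting them."""
    return [a[1:-1] if a.startswith('"') else a.strip() for a in ARG_RE.findall(raw)]


def to_int(token: str) -> Optional[int]:
    """Parse a numeric argument; base 0 accepts both 0x11 and 17."""
    try:
        return int(token, 0)
    except ValueError:
        return None


def scan_trace(trace: str) -> List[Finding]:
    findings: List[Finding] = []
    written_paths = set()          # lower-cased paths this trace has written to
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # blank or unparseable line
        pid, tid = int(m["pid"]), int(m["tid"])
        api, args = m["api"], parse_args(m["args"])
        path = args[0].lower() if args else ""

        # Rule 1: NtSetInformationThread(ThreadHandle, ThreadInformationClass, ...)
        # with the class set to ThreadHideFromDebugger. 0xFFFFFFFE is the
        # NtCurrentThread pseudo-handle in the sample below.
        if api == "NtSetInformationThread" and len(args) >= 2 \
                and to_int(args[1]) == THREAD_HIDE_FROM_DEBUGGER:
            findings.append(Finding(pid, tid, "anti-debug",
                                    f"{api} ThreadHideFromDebugger on thread handle {args[0]}"))

        # Rule 2: any file probe that mentions the QEMU guest agent. The probe
        # itself is the indicator; a "not found" return does not clear it.
        if api in FILE_PROBE_APIS and QEMU_AGENT_MARKER in path:
            findings.append(Finding(pid, tid, "vm-detect",
                                    f"{api} probed {args[0]} (returned {m['ret']})"))

        # Rule 3: a DLL is loaded from a path the same trace wrote to earlier.
        if api in WRITE_APIS and path:
            written_paths.add(path)
        elif api in LOAD_APIS and path in written_paths:
            findings.append(Finding(pid, tid, "dropped-dll-load",
                                    f"{api} loaded self-written file {args[0]}"))
    return findings


# Constructed sample trace (not real sandbox output) exercising all three rules.
SAMPLE_TRACE = r"""
4120:4124 NtCreateFile("C:\Users\user\Desktop\prueba de pago.exe", 0x80100080) = 0x0
4120:4124 GetFileAttributesW("C:\Program Files\qemu-ga\qemu-ga.exe") = 0xFFFFFFFF
4120:4124 NtSetInformationThread(0xFFFFFFFE, 0x11, 0x0, 0x0) = 0x0
4120:4124 NtSetInformationThread(0xFFFFFFFE, 0x2, 0x19F8A0, 0x4) = 0x0
4120:4124 NtWriteFile("C:\Users\user\AppData\Local\Temp\dropped.dll", 0x1A400) = 0x0
4120:4124 LoadLibraryW("C:\Users\user\AppData\Local\Temp\dropped.dll") = 0x6A000000
"""

if __name__ == "__main__":
    for f in scan_trace(SAMPLE_TRACE):
        print(f"[{f.rule}] pid={f.pid} tid={f.tid} {f.detail}")
```

The second `NtSetInformationThread` line in the sample uses a different information class and is deliberately not flagged: the signature is the specific class value, not the API alone, which is what keeps this rule from firing on ordinary thread-priority changes. Against a real trace you would first resolve handles to paths for the write/load correlation in rule 3.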

MITRE ATT&CK Enterprise v15

Tasks