General
Target: ac18a105704e785c3f515987431c9eaf.zip
Size: 8KB
Sample: 230809-l6qgxsad68
MD5: d49b3bf1a227fedc9520087734174430
SHA1: 32d3bc1079acfc4f25f93add2d6682a9e32f1d75
SHA256: 1e729abee0163f76723f08ff6abfac3a58069d0c6810bcc2c8ee40d223a6f565
SHA512: 38b9a57d9e188e2790c1083235c218bc7690433f08c6fb7a79d14e570ebf69e927191f6f25c0a245527b4c33a2608a0f3af1ccb55ad72835899a0775f593274d
SSDEEP: 192:9Sy7NgmNjD9ZwsTbNbwrO3uCGx93FY4kmqJVML08+85/:9DnjD9VXa3u4kmeMoO/
Static task: static1
Behavioral task: behavioral1
Sample: statement-Invoices-9098847251-DB_aabgaibajf0x0CCC_126KB__aabgaibajf0x0CCC.vbs
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: statement-Invoices-9098847251-DB_aabgaibajf0x0CCC_126KB__aabgaibajf0x0CCC.vbs
Size: 10KB
MD5: 04b802434a94ede4ea15046dd3433121
SHA1: 65659f09616d19366aa1edde69f29f8a4310c302
SHA256: 6ad1016df67ae1100b4a73b2a1bd4592fcc39a063e9446b8abda5f8a75d47420
SHA512: c297d256fb1a8082739a4eee5c01bba6490c08c76ca726670a5ce21665fcd514ff65506a0bf648fab1a619e872661b5859aad0d9a1508770f717487f5e045fe4
SSDEEP: 192:2UBVukKCyEoic+OnHRtYy+rYO9ltm2Yn0Rm0I9hSTb41gpqzg4kxm:fBGxEOnHkrYOnG0NI90TbMZkDm
Score: 10/10
Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger