General

  • Target

    ac18a105704e785c3f515987431c9eaf.zip

  • Size

    8KB

  • Sample

    230809-mfkz7aae23

  • MD5

    d49b3bf1a227fedc9520087734174430

  • SHA1

    32d3bc1079acfc4f25f93add2d6682a9e32f1d75

  • SHA256

    1e729abee0163f76723f08ff6abfac3a58069d0c6810bcc2c8ee40d223a6f565

  • SHA512

    38b9a57d9e188e2790c1083235c218bc7690433f08c6fb7a79d14e570ebf69e927191f6f25c0a245527b4c33a2608a0f3af1ccb55ad72835899a0775f593274d

  • SSDEEP

    192:9Sy7NgmNjD9ZwsTbNbwrO3uCGx93FY4kmqJVML08+85/:9DnjD9VXa3u4kmeMoO/

Score
10/10

Malware Config

Targets

    • Target

      statement-Invoices-9098847251-DB_aabgaibajf0x0CCC_126KB__aabgaibajf0x0CCC.vbs

    • Size

      10KB

    • MD5

      04b802434a94ede4ea15046dd3433121

    • SHA1

      65659f09616d19366aa1edde69f29f8a4310c302

    • SHA256

      6ad1016df67ae1100b4a73b2a1bd4592fcc39a063e9446b8abda5f8a75d47420

    • SHA512

      c297d256fb1a8082739a4eee5c01bba6490c08c76ca726670a5ce21665fcd514ff65506a0bf648fab1a619e872661b5859aad0d9a1508770f717487f5e045fe4

    • SSDEEP

      192:2UBVukKCyEoic+OnHRtYy+rYO9ltm2Yn0Rm0I9hSTb41gpqzg4kxm:fBGxEOnHkrYOnG0NI90TbMZkDm

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks