General
Target
ac18a105704e785c3f515987431c9eaf
Size
14KB
Sample
230809-mq46taae83
MD5
ac18a105704e785c3f515987431c9eaf
SHA1
3be2111cdbe2cd155510cac78070c63055063342
SHA256
1e32bb91dccab3917339ab16f945cde34cc1239a6eacc749cf157258b36d4fa9
SHA512
3d6e722715f8dd6ca7880aa1651af0e477d7aeb9aea8f61ba95f704bd88273a9030db28624747f9bcc100a6150beb709b922191d38ac2c81ef0e3c0d7d2b387e
SSDEEP
192:F0fd0DPADdDk99BdQEgPHKlVtEApxId2uzCrN0g73zJEfPyK+foRCFA6pg6PrqUa:Wfeok962VtEEW2L1Iifc6T3FoDf
Static task
static1
Behavioral task
behavioral1
Sample
ac18a105704e785c3f515987431c9eaf.xxe
Resource
win10v2004-20230703-en
Behavioral task
behavioral2
Sample
statement-Invoices-9098847251-DB_aabgaibajf0x0CCC_126KB__aabgaibajf0x0CCC.vbs
Resource
win10v2004-20230703-en
Malware Config
Targets
Target
ac18a105704e785c3f515987431c9eaf
Score 3/10
Target
statement-Invoices-9098847251-DB_aabgaibajf0x0CCC_126KB__aabgaibajf0x0CCC.vbs
Size
10KB
MD5
04b802434a94ede4ea15046dd3433121
SHA1
65659f09616d19366aa1edde69f29f8a4310c302
SHA256
6ad1016df67ae1100b4a73b2a1bd4592fcc39a063e9446b8abda5f8a75d47420
SHA512
c297d256fb1a8082739a4eee5c01bba6490c08c76ca726670a5ce21665fcd514ff65506a0bf648fab1a619e872661b5859aad0d9a1508770f717487f5e045fe4
SSDEEP
192:2UBVukKCyEoic+OnHRtYy+rYO9ltm2Yn0Rm0I9hSTb41gpqzg4kxm:fBGxEOnHkrYOnG0NI90TbMZkDm
Score 10/10
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger