General

  • Target: ac18a105704e785c3f515987431c9eaf
  • Size: 14KB
  • Sample: 230809-mq46taae83
  • MD5: ac18a105704e785c3f515987431c9eaf
  • SHA1: 3be2111cdbe2cd155510cac78070c63055063342
  • SHA256: 1e32bb91dccab3917339ab16f945cde34cc1239a6eacc749cf157258b36d4fa9
  • SHA512: 3d6e722715f8dd6ca7880aa1651af0e477d7aeb9aea8f61ba95f704bd88273a9030db28624747f9bcc100a6150beb709b922191d38ac2c81ef0e3c0d7d2b387e
  • SSDEEP: 192:F0fd0DPADdDk99BdQEgPHKlVtEApxId2uzCrN0g73zJEfPyK+foRCFA6pg6PrqUa:Wfeok962VtEEW2L1Iifc6T3FoDf

Score
10/10

Malware Config

Targets

    • Target: ac18a105704e785c3f515987431c9eaf
    • Size: 14KB
    • MD5: ac18a105704e785c3f515987431c9eaf
    • SHA1: 3be2111cdbe2cd155510cac78070c63055063342
    • SHA256: 1e32bb91dccab3917339ab16f945cde34cc1239a6eacc749cf157258b36d4fa9
    • SHA512: 3d6e722715f8dd6ca7880aa1651af0e477d7aeb9aea8f61ba95f704bd88273a9030db28624747f9bcc100a6150beb709b922191d38ac2c81ef0e3c0d7d2b387e
    • SSDEEP: 192:F0fd0DPADdDk99BdQEgPHKlVtEApxId2uzCrN0g73zJEfPyK+foRCFA6pg6PrqUa:Wfeok962VtEEW2L1Iifc6T3FoDf

    Score
    3/10

    • Target: statement-Invoices-9098847251-DB_aabgaibajf0x0CCC_126KB__aabgaibajf0x0CCC.vbs
    • Size: 10KB
    • MD5: 04b802434a94ede4ea15046dd3433121
    • SHA1: 65659f09616d19366aa1edde69f29f8a4310c302
    • SHA256: 6ad1016df67ae1100b4a73b2a1bd4592fcc39a063e9446b8abda5f8a75d47420
    • SHA512: c297d256fb1a8082739a4eee5c01bba6490c08c76ca726670a5ce21665fcd514ff65506a0bf648fab1a619e872661b5859aad0d9a1508770f717487f5e045fe4
    • SSDEEP: 192:2UBVukKCyEoic+OnHRtYy+rYO9ltm2Yn0Rm0I9hSTb41gpqzg4kxm:fBGxEOnHkrYOnG0NI90TbMZkDm

    Score
    10/10

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThread (HideFromDebugger)

MITRE ATT&CK Enterprise v15