General

  • Target

    Invoice Quotation for Sept Order.exe

  • Size

    397KB

  • Sample

    230809-t5ye5seh3v

  • MD5

    9152cf3d749d6b6c2b0e529c27ceb06b

  • SHA1

    0a7ce578403fd5269110f0ea363b61de67ba6217

  • SHA256

    c2c61bbde334a4752e5d84a402d05c919a00925fede34ef87c3decf66bb8169c

  • SHA512

    39f2c7d7d4a444cd8880121b038c6e9cf20c0a90442b36ccd88afbdeaf8dc24c79f8b1a442c1e9d96fcadb621e5c5613fdb04dd31ee6cdd5fb1d85b537c94142

  • SSDEEP

    6144:aPX0UPlrkcqMGIJjB9rVLd8hnwWML5dFOifb613q3v4IdTV:MlRGIBj8hngnlL4IdTV

Score
10/10

Malware Config

Targets

    • Target

      Invoice Quotation for Sept Order.exe

    • Size

      397KB

    • MD5

      9152cf3d749d6b6c2b0e529c27ceb06b

    • SHA1

      0a7ce578403fd5269110f0ea363b61de67ba6217

    • SHA256

      c2c61bbde334a4752e5d84a402d05c919a00925fede34ef87c3decf66bb8169c

    • SHA512

      39f2c7d7d4a444cd8880121b038c6e9cf20c0a90442b36ccd88afbdeaf8dc24c79f8b1a442c1e9d96fcadb621e5c5613fdb04dd31ee6cdd5fb1d85b537c94142

    • SSDEEP

      6144:aPX0UPlrkcqMGIJjB9rVLd8hnwWML5dFOifb613q3v4IdTV:MlRGIBj8hngnlL4IdTV

    • Score

      10/10

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks