General
-
Target
AFHS_QTN_2023_00229-ORIANA.rar
-
Size
453KB
-
Sample
230810-hjwtmsaf47
-
MD5
bc8ebf9f39014db71b02f152ca9f5f51
-
SHA1
1c3706ab990ca755f5d34c459ab8e01853b02d94
-
SHA256
db61dcd3f5c9c54b8e9cd4193bf855925452409083d0a937287f351e2ecc9546
-
SHA512
ccba5244c5128851dc2659b5e5365168793f9d68d8698a803ae0d21bf4fe4fa3a6032ca6a9775f41564122a24829cc940f34b7258eb300f35a3266329315ebe4
-
SSDEEP
12288:qMcgRK2WvazUVnwH788Byanmw+YoG2+kg3z+0P5q:DfYHaz+G88JmcE6j7Pw
Static task
static1
Behavioral task
behavioral1
Sample
Folkeregistrene(1).exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Folkeregistrene(1).exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
Target
Folkeregistrene(1).exe
-
Size
483KB
-
MD5
7e2aba390a87f2072a8825f25045550b
-
SHA1
ba295f399408d70cfa41c9c14c82c900ba3bb842
-
SHA256
e2c44f040b867623bf5bc9c9551265f134dc735562955b153b7cbe0b5165c600
-
SHA512
a9852f68b683381dbb58e7440cd8aa8e75f79ffa74af89fe36a46e060d95d32c84e06242ee128992703100d42e033b4cd1170b8e499301bf4a7423155d830198
-
SSDEEP
12288:rFJthQat+DpEdZP8DGE6TcpkjpAO7imdxAu:/QaYDpEdLLwejpl7iju
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-