General

  • Target

    AFHS_QTN_2023_00229-ORIANA.rar

  • Size

    453KB

  • Sample

    230810-hjwtmsaf47

  • MD5

    bc8ebf9f39014db71b02f152ca9f5f51

  • SHA1

    1c3706ab990ca755f5d34c459ab8e01853b02d94

  • SHA256

    db61dcd3f5c9c54b8e9cd4193bf855925452409083d0a937287f351e2ecc9546

  • SHA512

    ccba5244c5128851dc2659b5e5365168793f9d68d8698a803ae0d21bf4fe4fa3a6032ca6a9775f41564122a24829cc940f34b7258eb300f35a3266329315ebe4

  • SSDEEP

    12288:qMcgRK2WvazUVnwH788Byanmw+YoG2+kg3z+0P5q:DfYHaz+G88JmcE6j7Pw
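The hashes above (and the dropped executable's hashes in the Targets section) are only useful if they can be checked against files. The following is an added example, not part of the Triage report: it hashes data with the four listed algorithms and matches the result against the report's IOCs. The IOC values are copied from this page; any bytes hashed in the demo are constructed and are not the sample. SSDEEP is omitted because it needs a non-standard library.

```python
"""Hash-based IOC matcher for the two artifacts in this report.

Added example, not part of the original Triage report. The hash values are
copied from the report; any data hashed in a demo is constructed and is NOT
the real malware.
"""
import hashlib

# IOCs copied from the report: the RAR archive and the dropped executable.
REPORT_IOCS = {
    "AFHS_QTN_2023_00229-ORIANA.rar": {
        "md5": "bc8ebf9f39014db71b02f152ca9f5f51",
        "sha1": "1c3706ab990ca755f5d34c459ab8e01853b02d94",
        "sha256": "db61dcd3f5c9c54b8e9cd4193bf855925452409083d0a937287f351e2ecc9546",
        "sha512": "ccba5244c5128851dc2659b5e5365168793f9d68d8698a803ae0d21bf4fe4fa3a"
                  "6032ca6a9775f41564122a24829cc940f34b7258eb300f35a3266329315ebe4",
    },
    "Folkeregistrene(1).exe": {
        "md5": "7e2aba390a87f2072a8825f25045550b",
        "sha1": "ba295f399408d70cfa41c9c14c82c900ba3bb842",
        "sha256": "e2c44f040b867623bf5bc9c9551265f134dc735562955b153b7cbe0b5165c600",
        "sha512": "a9852f68b683381dbb58e7440cd8aa8e75f79ffa74af89fe36a46e060d95d32c8"
                  "4e06242ee128992703100d42e033b4cd1170b8e499301bf4a7423155d830198",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Return lowercase hex digests of `data` for every algorithm in ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def digests_of_file(path, chunk=1 << 20) -> dict:
    """Same as digests() but streams a file so large samples need no RAM."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(found: dict, iocs: dict = REPORT_IOCS) -> list:
    """Return (artifact name, algorithm) pairs whose IOC equals a digest in `found`.

    Comparison is case-insensitive so hashes pasted from other tools match too.
    """
    hits = []
    for name, known in iocs.items():
        for algo, value in known.items():
            if found.get(algo, "").lower() == value.lower():
                hits.append((name, algo))
    return hits


def classify(found: dict, iocs: dict = REPORT_IOCS) -> str:
    """'match' on a SHA-256/SHA-512 hit, 'weak-match' on MD5/SHA-1 only
    (both are collision-prone, so treat them as a lead, not proof), else 'clean'."""
    hits = match_iocs(found, iocs)
    if any(algo in ("sha256", "sha512") for _, algo in hits):
        return "match"
    return "weak-match" if hits else "clean"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digests_of_file(path)
        print(path, classify(d), match_iocs(d))
```

Usage: `python ioc_match.py suspicious.rar extracted/*.exe` prints a verdict per file. Only a SHA-256 or SHA-512 hit is reported as a firm match; an MD5-only or SHA-1-only hit is flagged separately because those algorithms are collision-prone.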

Score
10/10

Malware Config

Targets

    • Target

      Folkeregistrene(1).exe

    • Size

      483KB

    • MD5

      7e2aba390a87f2072a8825f25045550b

    • SHA1

      ba295f399408d70cfa41c9c14c82c900ba3bb842

    • SHA256

      e2c44f040b867623bf5bc9c9551265f134dc735562955b153b7cbe0b5165c600

    • SHA512

      a9852f68b683381dbb58e7440cd8aa8e75f79ffa74af89fe36a46e060d95d32c84e06242ee128992703100d42e033b4cd1170b8e499301bf4a7423155d830198

    • SSDEEP

      12288:rFJthQat+DpEdZP8DGE6TcpkjpAO7imdxAu:/QaYDpEdLLwejpl7iju

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent binary, most likely to detect that it is running inside a virtual machine.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during execution.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events; a common anti-debugging technique.
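The three behavioural signatures above are labels the sandbox applies to an API-call trace. As an added example (not Triage's signature engine and not code from this report), here is how each can be expressed as a rule over such a trace. The trace format (one event per line, `pid|api|key=value,...`), the QEMU guest-agent install paths and the trace lines themselves are assumptions constructed for the demo, not captured from this sample.

```python
"""Behavioural signature matching over a sandbox API-call trace.

Added example; this is not Triage's signature engine. The trace format is an
assumption made here (one event per line: 'pid|api|key=value,key=value'), the
QEMU guest-agent paths are the agent's usual install locations (assumed, not
taken from the report), and SAMPLE_TRACE is constructed, not captured.
"""

# THREADINFOCLASS value passed to NtSetInformationThread to hide a thread from
# the debugger: no debug events are delivered for that thread afterwards.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumed default install paths of the Windows QEMU guest agent (lowercase).
QEMU_AGENT_PATHS = (
    r"c:\program files\qemu-ga\qemu-ga.exe",
    r"c:\program files\qga\qga.exe",
)

FILE_PROBE_APIS = ("NtCreateFile", "NtOpenFile", "NtQueryAttributesFile",
                   "NtQueryFullAttributesFile", "GetFileAttributesW")
LOAD_APIS = ("LdrLoadDll", "LoadLibraryW", "LoadLibraryExW")


def parse_trace(text):
    """Parse 'pid|api|k=v,k=v' lines into event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("|", 2)
        kv = dict(item.split("=", 1) for item in args.split(",") if "=" in item)
        events.append({"pid": int(pid), "api": api, "args": kv})
    return events


def norm_path(p):
    """Lowercase and strip the NT '\\??\\' prefix so both spellings compare equal."""
    p = p.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def sig_hide_from_debugger(events):
    """NtSetInformationThread with ThreadInformationClass == ThreadHideFromDebugger."""
    hits = []
    for e in events:
        if e["api"] != "NtSetInformationThread":
            continue
        cls = e["args"].get("ThreadInformationClass", "")
        try:
            if int(cls, 0) == THREAD_HIDE_FROM_DEBUGGER:   # accepts 0x11 or 17
                hits.append(e)
        except ValueError:
            pass
    return hits


def sig_qemu_agent_check(events):
    """Any file probe that names the QEMU guest agent binary."""
    return [e for e in events
            if e["api"] in FILE_PROBE_APIS
            and norm_path(e["args"].get("FileName", "")) in QEMU_AGENT_PATHS]


def sig_loads_dropped_dll(events):
    """A module load whose path the same process wrote earlier in the trace."""
    written = set()
    hits = []
    for e in events:
        path = norm_path(e["args"].get("FileName", ""))
        if e["api"] == "NtWriteFile":
            written.add((e["pid"], path))
        elif e["api"] in LOAD_APIS and (e["pid"], path) in written:
            hits.append(e)
    return hits


SIGNATURES = {
    "Checks QEMU agent file": sig_qemu_agent_check,
    "Loads dropped DLL": sig_loads_dropped_dll,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger,
}


def triage(trace_text):
    """Run every signature and return {signature name: number of matching events}."""
    events = parse_trace(trace_text)
    return {name: len(fn(events)) for name, fn in SIGNATURES.items()}


# Constructed trace for the demo (NOT the real sample's recorded activity).
SAMPLE_TRACE = r"""
1234|NtCreateFile|FileName=\??\C:\Users\victim\AppData\Local\Temp\stage.dll,DesiredAccess=0x40100080
1234|NtWriteFile|FileName=\??\C:\Users\victim\AppData\Local\Temp\stage.dll,Length=11264
1234|LdrLoadDll|FileName=C:\Users\victim\AppData\Local\Temp\stage.dll
1234|NtSetInformationThread|ThreadHandle=0xfffffffe,ThreadInformationClass=0x11,ThreadInformationLength=0
1234|NtQueryAttributesFile|FileName=\??\C:\Program Files\qemu-ga\qemu-ga.exe
1234|NtSetInformationThread|ThreadHandle=0x1c4,ThreadInformationClass=0x2,ThreadInformationLength=4
"""

if __name__ == "__main__":
    for name, count in triage(SAMPLE_TRACE).items():
        print(f"{'HIT ' if count else '    '}{name}: {count}")
```

The second NtSetInformationThread event uses class 0x2 (ThreadPriority) and is deliberately not matched: the signature keys on the information class, not on the API name alone. The dropped-DLL rule ties the write and the load to the same PID so that a DLL written by one process and loaded by an unrelated one does not trigger it.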

MITRE ATT&CK Enterprise v15

Tasks