Overview

overview

7

Static

static

1

fa3551c102...JC.exe

windows7-x64

7

fa3551c102...JC.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    fa3551c102ce3c003082e53c4936733414440a3396ad32a9a7ac61aa6a315256exe_JC.exe

  • Size

    478KB

  • Sample

    230815-ve4d5scb74

  • MD5

    26f11a3b883fa4590fc7fbe31e1ec50c

  • SHA1

    c471bc6e1edbdfadcda9d1dc32833f5a7b17f2e8

  • SHA256

    fa3551c102ce3c003082e53c4936733414440a3396ad32a9a7ac61aa6a315256

  • SHA512

    65b0f60ab9f205f50e298a134bd31e2897d61f9947112fd2cb5f2d4df2872fd73e883c27b8fd535ba95cde57b79ee9713a59a4dc7cab2a78e7dc1c59788a00b0

  • SSDEEP

    6144:WqC56XPZVheNA+ff0iuf87z5OHZ3zrxz16OVqIYOLtCS1nX7rxTMVhEflg8ts/Wd:hfnhe2epuf87AZRzzLtBnX3AEfW8EgCy

Score
7/10

Malware Config

Targets

    • Target

      fa3551c102ce3c003082e53c4936733414440a3396ad32a9a7ac61aa6a315256exe_JC.exe

    • Size

      478KB

    • MD5

      26f11a3b883fa4590fc7fbe31e1ec50c

    • SHA1

      c471bc6e1edbdfadcda9d1dc32833f5a7b17f2e8

    • SHA256

      fa3551c102ce3c003082e53c4936733414440a3396ad32a9a7ac61aa6a315256

    • SHA512

      65b0f60ab9f205f50e298a134bd31e2897d61f9947112fd2cb5f2d4df2872fd73e883c27b8fd535ba95cde57b79ee9713a59a4dc7cab2a78e7dc1c59788a00b0

    • SSDEEP

      6144:WqC56XPZVheNA+ff0iuf87z5OHZ3zrxz16OVqIYOLtCS1nX7rxTMVhEflg8ts/Wd:hfnhe2epuf87AZRzzLtBnX3AEfW8EgCy

    Score
    7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks