General
-
Target
Tenors.exe
-
Size
856KB
-
Sample
231004-gx93rabd74
-
MD5
2307efdb5e44354475c089fedfe6f60d
-
SHA1
89170148d514a23229664b728de4853b3b8da651
-
SHA256
559bfa18074709e2f59b77e84f70ad0448f853fa6e416dfc603187de9896c99d
-
SHA512
82df3b1826cbe1daea7c4cd3979624053bcef7c10091706340d6eb04dd0f824bafb934bbffd39a29b426365d54eb57ea8a850d553469fcadca5a851230ceade3
-
SSDEEP
24576:INPx3Tpk5nvqnwo3MI9e5s6Dmz6uc1L9J8xVCT5ATqY2BXY6+g7:mBT2tVo31Wsrz6VL9J8xVCT5AT2Y6N
Static task
static1
Behavioral task
behavioral1
Sample
Tenors.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Tenors.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
Tenors.exe
-
Score
7/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-