6d04fbb06ac5b1c667873c1bb34b942502085938c2e9b399d70fe43244430361 | Triage

Sharing

General

Target

6d04fbb06ac5b1c667873c1bb34b942502085938c2e9b399d70fe43244430361
Size

379KB
Sample

231010-p8ckmadf2x
MD5

73ef3d506223656deefe03e4397f6494
SHA1

cceca1e4fab54e55f86ad12a5fa665d4427c5219
SHA256

6d04fbb06ac5b1c667873c1bb34b942502085938c2e9b399d70fe43244430361
SHA512

56fa6d1cdfdea4060837852c59076e634722f87d97c59e8ff2d75d0f910d9af1a20b67b44eddd179216a3cec48c4b508ac3ec08a306b13865944d35dbd5dfb5a
SSDEEP

6144:cqaFH+9KGmy45F3ZpdZU0XX47vagdx8CqM3QoWPIzllZY0EmCEzxinKJb:U5Lvh59XdZTXIvDrXQoOoZtEczcnKZ

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  6d04fbb06ac5b1c667873c1bb34b942502085938c2e9b399d70fe43244430361
- Size
  
  379KB
- MD5
  
  73ef3d506223656deefe03e4397f6494
- SHA1
  
  cceca1e4fab54e55f86ad12a5fa665d4427c5219
- SHA256
  
  6d04fbb06ac5b1c667873c1bb34b942502085938c2e9b399d70fe43244430361
- SHA512
  
  56fa6d1cdfdea4060837852c59076e634722f87d97c59e8ff2d75d0f910d9af1a20b67b44eddd179216a3cec48c4b508ac3ec08a306b13865944d35dbd5dfb5a
- SSDEEP
  
  6144:cqaFH+9KGmy45F3ZpdZU0XX47vagdx8CqM3QoWPIzllZY0EmCEzxinKJb:U5Lvh59XdZTXIvDrXQoOoZtEczcnKZ
Score

7^/10

persistence
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2