84972e3d631e88d1d7b07d4607f7254fe3a241e661ba36f05076d89fba259fb9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84972e3d631e88d1d7b07d4607f7254fe3a241e661ba36f05076d89fba259fb9
Size

1.3MB
Sample

231010-q3hecsdh2v
MD5

be3d090c821d1272bb7153e84de293f7
SHA1

4027dad7ad2f85945edc73c95ab2e20e093ef65f
SHA256

84972e3d631e88d1d7b07d4607f7254fe3a241e661ba36f05076d89fba259fb9
SHA512

9f49d4c0e395af90c8403aed5e097c93c654e1f0fab7d40c252cadd76014f0b35e62421dcd982c3927e34286fac87427810d3021320693a4e9d801b6aacfe950
SSDEEP

24576:hsuF7d1N53xqz3jMV75hV4qZaPhlVCncfBjBgluUqMzV3VIzc2iAAy+xX:ZBxa365hhOic1uqc3YRLvQ

Score

7^/10

Malware Config

Targets

- Target
  
  84972e3d631e88d1d7b07d4607f7254fe3a241e661ba36f05076d89fba259fb9
- Size
  
  1.3MB
- MD5
  
  be3d090c821d1272bb7153e84de293f7
- SHA1
  
  4027dad7ad2f85945edc73c95ab2e20e093ef65f
- SHA256
  
  84972e3d631e88d1d7b07d4607f7254fe3a241e661ba36f05076d89fba259fb9
- SHA512
  
  9f49d4c0e395af90c8403aed5e097c93c654e1f0fab7d40c252cadd76014f0b35e62421dcd982c3927e34286fac87427810d3021320693a4e9d801b6aacfe950
- SSDEEP
  
  24576:hsuF7d1N53xqz3jMV75hV4qZaPhlVCncfBjBgluUqMzV3VIzc2iAAy+xX:ZBxa365hhOic1uqc3YRLvQ
Score

7^/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2