General

  • Target

    Shopgirlish.exe

  • Size

    1.4MB

  • Sample

    231011-n72mpadg6z

  • MD5

    47875b7f8982441ce42899e5a35c8541

  • SHA1

    96f38cd3fbaf19dedb21fecd5828adad2455b58c

  • SHA256

    87a8c6294c7bfeece375857edf3b1a16a2a7c1d42fc9f2463e31f45b36135ef1

  • SHA512

    eebaa2ea8cd55f088b35bccc716194909e3855eca1a4827492723c3c6432a6552dcadb53c749071f9fb49e078cec078a8a8b91543ea64ad876c2f038c411ed28

  • SSDEEP

    24576:I7NWCtc/G9hAed+ps2RvI/o1kFCP/zYLmNwiQ1bGYaMpAgLBB/jkNv:Ix3OXeMs2RgszI6tS1LBBav

Score
7/10

Malware Config

Targets

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks