0cfe83d4758e9c2cb881258191b2628be42b563fdb4ce22e8d94f0a3f7ef7726 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cfe83d4758e9c2cb881258191b2628be42b563fdb4ce22e8d94f0a3f7ef7726_JC.exe
Size

877KB
Sample

231013-1hzg9abh8s
MD5

d327d1f2e4c2192cb0d8c91045a4fb78
SHA1

2a70a23b9657e57aab2e1f364450d61d609d82eb
SHA256

0cfe83d4758e9c2cb881258191b2628be42b563fdb4ce22e8d94f0a3f7ef7726
SHA512

273812e39f3a7102863fdbe71d8c2e60d83147ce7087d1b80f13bb878ee413668ea09300905afe6493120bf5d6f4989d28ca3d09ee5b43f61e54faae8017dfcd
SSDEEP

24576:ZqKoweKqdPc8GCxuB8UiT+QVhRL6QRkUGhb36s:E/weKqdP2B8UiT+amHtp

Score

7^/10

Malware Config

Targets

- Target
  
  0cfe83d4758e9c2cb881258191b2628be42b563fdb4ce22e8d94f0a3f7ef7726_JC.exe
- Size
  
  877KB
- MD5
  
  d327d1f2e4c2192cb0d8c91045a4fb78
- SHA1
  
  2a70a23b9657e57aab2e1f364450d61d609d82eb
- SHA256
  
  0cfe83d4758e9c2cb881258191b2628be42b563fdb4ce22e8d94f0a3f7ef7726
- SHA512
  
  273812e39f3a7102863fdbe71d8c2e60d83147ce7087d1b80f13bb878ee413668ea09300905afe6493120bf5d6f4989d28ca3d09ee5b43f61e54faae8017dfcd
- SSDEEP
  
  24576:ZqKoweKqdPc8GCxuB8UiT+QVhRL6QRkUGhb36s:E/weKqdP2B8UiT+amHtp
Score

7^/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2