0a0cd62f08c090ac9a44f9c0a0a8cabb03869cb6944c39ffd10ff5b9d522bf9d | Triage

Sharing

General

Target

REQUEST FOR QUOTATION - yk group.exe
Size

869KB
Sample

231014-bd6y4agg8v
MD5

f5a069fbdd6ef3fc254012eceeab0b4f
SHA1

9739c4fca01ed08d216dc116d3cb29fd2c0b8115
SHA256

0a0cd62f08c090ac9a44f9c0a0a8cabb03869cb6944c39ffd10ff5b9d522bf9d
SHA512

01b9ed21246e0566cdededa50fb334e78ee8328e433777723be9d5c6dcf9748fbc0d97f13aead0bc34054b56604e36816e07a8cd74b73a813bf3cb9bc3d2581a
SSDEEP

24576:4B559KG1SktV5PU+UoHBbfIju8OkUGhb36:SL311L5PnfIzHt

Score

7^/10

Malware Config

Targets

- Target
  
  REQUEST FOR QUOTATION - yk group.exe
- Size
  
  869KB
- MD5
  
  f5a069fbdd6ef3fc254012eceeab0b4f
- SHA1
  
  9739c4fca01ed08d216dc116d3cb29fd2c0b8115
- SHA256
  
  0a0cd62f08c090ac9a44f9c0a0a8cabb03869cb6944c39ffd10ff5b9d522bf9d
- SHA512
  
  01b9ed21246e0566cdededa50fb334e78ee8328e433777723be9d5c6dcf9748fbc0d97f13aead0bc34054b56604e36816e07a8cd74b73a813bf3cb9bc3d2581a
- SSDEEP
  
  24576:4B559KG1SktV5PU+UoHBbfIju8OkUGhb36:SL311L5PnfIzHt
Score

7^/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2