General

  • Target

    ffaaee4b906fdf09c512a9cdaad11eaf6e3596948c92af26e668720863b8f224

  • Size

    624KB

  • Sample

    231014-etj12sga9x

  • MD5

    b3afe8c772b1eab3d67d2b3c7291f03c

  • SHA1

    bd08f8819e23dd9ce53dfdc323321889242e9009

  • SHA256

    ffaaee4b906fdf09c512a9cdaad11eaf6e3596948c92af26e668720863b8f224

  • SHA512

    55d25583f75fd24c7245e87adfca667875699250e1e0e489338688c34c5fb41c7621f0fc942c25984a1c2ef09ca0be3e8b426aa94192e1368f7c382d7a077349

  • SSDEEP

    12288:O+CiVnpnfuXQoZkiDiVtqVv4+BPVhKjnzB7GRmH:iiVnpWXQoei2VWv4othKjzZp

Score
7/10

Malware Config

Targets

    • Target

      Gymnasiasts.exe

    • Size

      740KB

    • MD5

      d349a1e83025bc3ae893fcdcbf0ce945

    • SHA1

      0ffca06713b765dd0ec72fc104458255cc4a9c4d

    • SHA256

      0c7af00d8cb91dbdfb8b6f65ca862edee1213d0fcffd79ca778162d2cc72248a

    • SHA512

      093df2552585195f85e28b1706855e7d4278a74bbddd25dfacfeb008cf8bc86f8e58f5d649a37fad5ebe76bb770c914e1505a58414d2ec977668879871da4a88

    • SSDEEP

      12288:AgSHDKHA2giiwZlXvm0aAsJTnWlbdC/Q/8eB0zQxbQK8kt10JSyc:Ag0KHpxp/XvHeWJ0Q/xbH/t10JW

    Score

    7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks