General
-
Target
DOCUMENT.EXE
-
Size
1.1MB
-
Sample
210614-ntxhahdk2n
-
MD5
53964b6a40bfe2b10d36ba5e3d52966a
-
SHA1
b459111cfb08fb42238e8421583cea226226e769
-
SHA256
4dcc4adaa8c709d9db205c7267ec6da26930c0420aa54a77fed6217a9e6fdb98
-
SHA512
03847f73a33a43bf84666db4a70167506d17b567f404098fd5237b704d30d1b35d7d50d2812a1f5c1b735bf13b915a448e3be9f8af9c3cc253f8ae6eacc3fea8
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENT.EXE
Resource
win7v20210408
Malware Config
Targets
-
-
Target
DOCUMENT.EXE
-
Quasar Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-