General

Target: Draft_shipping_document.lzh
Size: 98KB
Sample: 220314-rcpanagcb9
MD5: 06d7ac6f214b0343962ace85e1c40e88
SHA1: d022031b3b4b25d9a9587483de0a75089708a206
SHA256: 27b950f8b84e372d1b9d0fd7b918cb633eaa2556ef47c63baf0b916f04f5bffd
SHA512: 4fcb6de9a5f005d7081873c4b47deed11162523c844175361efce57132224c3a662df7c21b0973bce5e69cc8659c821b275ec5d723949f75c1dfedd123a24e7c
Static task: static1

Behavioral task: behavioral1
Sample: Draft_shipping_document.vbs
Resource: win7-20220311-en

Behavioral task: behavioral2
Sample: Draft_shipping_document.vbs
Resource: win10v2004-en-20220113
Malware Config

Targets

Target: Draft_shipping_document.vbs
Size: 805KB
MD5: 3d283fd545af947a47e6953d6335b98a
SHA1: 331b837d008efc12c0702b290c747581583169fd
SHA256: 280925849cd341c089c250b6609a0cab91026578f98bc2c45cb924dc9c8967a5
SHA512: c954754254c31cf881bb96efc601b683ae9ba75a90054626186ac9392958bc5cb3bdc3b1348df3885f998002c0a3c523fd744b29bc149b9894bb04d480bf602c
Score: 10/10
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops debug events for that thread from being delivered to an attached debugger; an anti-analysis technique.

Suspicious use of SetThreadContext
Rewrites the register context of a thread, a step commonly seen in process hollowing and thread hijacking to redirect execution into injected code.
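To make the four signatures above reproducible outside the sandbox, the following is an added example (not Triage's own code) that re-implements them as a small matcher over file, registry and API events. The event lines are constructed for the example; the `Qemu-ga\qemu-ga.exe` path, the `Control Panel\International\Geo\Nation` key and the `kind|process|target` event format are assumptions, since the page does not show the exact triggers or the raw event log.

```python
"""Toy signature matcher over sandbox-style events (added example).

Re-implements, in simplified form, the conditions behind the four signatures
listed in the report so they can be checked against an exported event list.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Event(NamedTuple):
    kind: str     # "file", "registry" or "api"
    process: str  # image name of the process that generated the event
    target: str   # path, registry key, or API call (with argument, if known)


# Signature definitions. The path and key are the artifacts these signatures
# are commonly keyed on (assumption: the sandbox's exact triggers are not shown).
SIGNATURES = [
    {
        "name": "Checks QEMU agent file",
        "kind": "file",
        "pattern": re.compile(r"\\Qemu-ga\\qemu-ga\.exe$", re.IGNORECASE),
        "description": "Checks presence of QEMU agent, possibly to detect virtualization.",
    },
    {
        "name": "Checks computer location settings",
        "kind": "registry",
        "pattern": re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE),
        "description": "Looks up country code configured in the registry, likely geofence.",
    },
    {
        "name": "Suspicious use of NtSetInformationThreadHideFromDebugger",
        "kind": "api",
        "pattern": re.compile(r"^NtSetInformationThread\(ThreadHideFromDebugger\)$"),
        "description": "Thread hidden from an attached debugger (ThreadHideFromDebugger, info class 0x11).",
    },
    {
        "name": "Suspicious use of SetThreadContext",
        "kind": "api",
        "pattern": re.compile(r"^SetThreadContext$"),
        "description": "Thread context rewritten; typical of process hollowing or thread hijacking.",
    },
]

# Constructed sample events in the assumed "kind|process|target" form.
# "payload.exe" is a placeholder process name, not something from the report.
SAMPLE_EVENTS = [
    "file|wscript.exe|C:\\Program Files\\Qemu-ga\\qemu-ga.exe",
    "file|wscript.exe|C:\\Windows\\System32\\wscript.exe",
    "registry|wscript.exe|HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "registry|wscript.exe|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
    "api|payload.exe|NtSetInformationThread(ThreadHideFromDebugger)",
    "api|payload.exe|SetThreadContext",
    "api|payload.exe|NtQueryInformationProcess",
]


def parse_event(line: str) -> Event:
    """Parse a 'kind|process|target' line; targets may contain '|', so split only twice."""
    kind, process, target = line.split("|", 2)
    return Event(kind.strip().lower(), process.strip(), target.strip())


def match_signatures(lines: Iterable[str]) -> Dict[str, List[Event]]:
    """Return {signature name: [matching events]} for every signature that fired."""
    hits: Dict[str, List[Event]] = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        for sig in SIGNATURES:
            if ev.kind == sig["kind"] and sig["pattern"].search(ev.target):
                hits[sig["name"]].append(ev)
    return dict(hits)


def report(lines: Iterable[str]) -> List[str]:
    """Render fired signatures in the report's own 'name / description' layout."""
    hits = match_signatures(list(lines))
    out: List[str] = []
    for sig in SIGNATURES:
        if sig["name"] in hits:
            out.append(sig["name"])
            out.append(sig["description"])
            for ev in hits[sig["name"]]:
                out.append(f"  {ev.process}: {ev.target}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EVENTS)))
```

Run against the constructed events, all four signatures fire and the two benign lines (a normal system path and an unrelated registry key) are ignored; to use it on a real export, replace `SAMPLE_EVENTS` with lines in the same three-field form.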