General
-
Target
d3dd641040a52c7958adb91d807615f9
-
Size
211KB
-
Sample
221004-x1vegaccgn
-
MD5
d3dd641040a52c7958adb91d807615f9
-
SHA1
15bd379fdad6b83ec0162da978b52e3df47487af
-
SHA256
982ea3a6f299dcaf5849eba5ff9b8937f4173aa8f39f46bf42d49bd955783132
-
SHA512
5a1dcb93269a91a78119eb6a1c7d9b47f7a093187140056f9e78e36598c9177adc09aa4e9c95deb98267e18145f10ca7eba54e2453fb35411a2548b905e42819
-
SSDEEP
6144:lFD6lRWQx87Lg3JWBNXZSjBGupNU+8vRrxP:fWlR8gZw8AufUD5xP
Static task
static1
Behavioral task
behavioral1
Sample
KONF_KREDIT014ITSQ075040-BDG-2402.PDF.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
KONF_KREDIT014ITSQ075040-BDG-2402.PDF.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
KONF_KREDIT014ITSQ075040-BDG-2402.PDF.exe
-
Size
244KB
-
MD5
e202e3c6d03d2bc3efa7ffb46ac1fa5f
-
SHA1
fd2695714b0ac01d9a1ed6492c83330396aa91eb
-
SHA256
6295c41a58e16ec2e59bd72878307df0992dbed19b73dacf8f9120c92e75482c
-
SHA512
dba34038d15a330c01082ce2cde4a0a508ced53bf5e2988b45fc8fb634e301176d0fe1e5fb8c076766b270446cfc3e58955665124b24e593a59e0c1fd070c50b
-
SSDEEP
6144:5Iw3I8qSMDoMmlm8cnMh97JcOjxTkwMq0:xqSMDk9hM8kwMq0
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-