General
-
Target
c0164178c5e2c4097e7daba7c13ac94d
-
Size
213KB
-
Sample
221004-xzs51sccdr
-
MD5
c0164178c5e2c4097e7daba7c13ac94d
-
SHA1
dc81db091d408c6111c2eee82133dc43ffdac028
-
SHA256
7f78cf4dc64dc37a758ae98f195c7bd2121a521d4880ce3a7d59eccc81b57c51
-
SHA512
617b1b13d315f4031077d77e4b553e138ad2d445a02890e5ac779dc91a4a7be34fec2fd9ccfde985728537352f00e7af0060e4e4ba0ce3e9c7437a5dd28b259d
-
SSDEEP
6144:D5D9k8sRi+aQGX3UvNufVx1irpCWECx61SwHFHL9y:PfsRDgUVIBWf61Dt9y
Static task
static1
Behavioral task
behavioral1
Sample
MONTHLY_CLIENT_STATEMENT.PDF.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
MONTHLY_CLIENT_STATEMENT.PDF.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
MONTHLY_CLIENT_STATEMENT.PDF.exe
-
Size
244KB
-
MD5
e202e3c6d03d2bc3efa7ffb46ac1fa5f
-
SHA1
fd2695714b0ac01d9a1ed6492c83330396aa91eb
-
SHA256
6295c41a58e16ec2e59bd72878307df0992dbed19b73dacf8f9120c92e75482c
-
SHA512
dba34038d15a330c01082ce2cde4a0a508ced53bf5e2988b45fc8fb634e301176d0fe1e5fb8c076766b270446cfc3e58955665124b24e593a59e0c1fd070c50b
-
SSDEEP
6144:5Iw3I8qSMDoMmlm8cnMh97JcOjxTkwMq0:xqSMDk9hM8kwMq0
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-