Overview

overview

7

Static

static

SecuriteIn...83.rtf

windows7-x64

7

SecuriteIn...83.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.2582.3383.rtf

  • Size

    1.1MB

  • Sample

    221123-r1ageach7t

  • MD5

    e029755d713d9fe984b86604a0f8b4f8

  • SHA1

    0b08f3f9d7e00fc1ca9d0aa3b05a54ec7b47ee0f

  • SHA256

    4937730a038a89a65fae406685e7e59b6616d3812d93e55fa6820be06ed4d720

  • SHA512

    d1cc5b55cefa9d05c1db2941b68e860bf59e6de76b23db455cf1e2d706cc686b4ffe530261cc354f508c6d43b5355ad49e068d69c5372981dd6bf13e8170b4b9

  • SSDEEP

    3072:zsqFhLZ+vNrlH5aposg90X41MKYiXexdmXbajh75V:zffZeyposg6X4giu2uh7L

Score
7/10
persistence

Malware Config

Targets

    • Target

      SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.2582.3383.rtf

    • Size

      1.1MB

    • MD5

      e029755d713d9fe984b86604a0f8b4f8

    • SHA1

      0b08f3f9d7e00fc1ca9d0aa3b05a54ec7b47ee0f

    • SHA256

      4937730a038a89a65fae406685e7e59b6616d3812d93e55fa6820be06ed4d720

    • SHA512

      d1cc5b55cefa9d05c1db2941b68e860bf59e6de76b23db455cf1e2d706cc686b4ffe530261cc354f508c6d43b5355ad49e068d69c5372981dd6bf13e8170b4b9

    • SSDEEP

      3072:zsqFhLZ+vNrlH5aposg90X41MKYiXexdmXbajh75V:zffZeyposg6X4giu2uh7L

    Score
    7/10
    persistence

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks