General
Target: Attachments.zip
Size: 321KB
Sample: 221205-sp28qafa2w
MD5: e9bc2f2323b176bdf4653010637e2525
SHA1: 97f9fbfcc48eb2d05b4024ced41065659e42a6a3
SHA256: 921adb804f89d2f3aceb2afed67da29659da67e70fafd2f04820a0ae6e183a10
SHA512: b41cd9591b474d8945316820307b58c8dde2258612b7f04599ad8d427cb8f0d3b14e2abb7608b8675fe25e10d208b5ed84f053377f7dbb3dd79c0e704c746607
SSDEEP: 6144:HhjDXg9cMgWdgp/wW02zhK7MuvcTRobXpg+P:H1rWdo/zLujpg+P
Static task: static1

Behavioral task: behavioral1
Sample: Salary-Increase-Datasheet-Deceember-2022.vbe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: Salary-Increase-Datasheet-Deceember-2022.vbe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: Salary-Increase-Datasheet-Deceember-2022.vbe
Size: 602KB
MD5: 03f14b68315fa272d3f573c265fad342
SHA1: 1ab4db87eda2c6e38adf91db4769a0d35468afdf
SHA256: ca69ae5499c657b8b383cf6351147762093ecaa876f8b7c31850b32e10dc8c89
SHA512: a5e8171828dbf7074a1fedea6a6bcad1341387cc238a12411e70b4ba78d5effdd81d5e21d61971bc09cde6a0207ce5776a5e2eed5bd0e560666de076c5282a3c
SSDEEP: 12288:Y4xIeYbcj1U0xh99kYjUBW9g3VneffpEb:ieJxU0N93gW9ySfpEb
Score: 7/10

Checks QEMU agent file
    Checks presence of QEMU agent, possibly to detect virtualization.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext