General
Target: Purchase Inquiry_NBI-20190123_pdf.rar
Size: 520KB
Sample: 230119-jm21hafd68
MD5: 6524b965bd8d8ab4c17ebae607759200
SHA1: 659c33b542a7b4656c4c142706d200bc94e2a208
SHA256: de1f58a34c4ebcf1d15f7a46c522985d8b6980612fc5a91c0404ab229e949b97
SHA512: ca773254ef9bc876c4bcab1ab20dae163653c6f3805e4075180ba76efd8af14949a3ee90ec5d66e78a1bd2bb50830ca90dbccbc6c76db05d8645d3d956fff644
SSDEEP: 12288:C4VV4FCQWQd2cpkpwPSLCxNTFHdT400CMvXJbja0wFf:C3FCu2lpoaCxpT400CMfJxw9
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Inquiry_NBI-20190123_pdf.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: Purchase Inquiry_NBI-20190123_pdf.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: Purchase Inquiry_NBI-20190123_pdf.exe
Size: 814KB
MD5: 6e46c58d54f6f133e9b30a157fa46005
SHA1: 33d1dcb3fa5f4a957dac5f6c9fa81c6bba71e114
SHA256: 40ffe1b0d408557aab2b0c0399bd37102a62439d9d62caab05a4b7fe501b7382
SHA512: ef1eef94d6a5f199f1ce6c00591585cdfbbbf2479e6e9e1f70ced47c9258bde12f98296d26fc4c3055f984d9ec2b493c1868857dd516524248873c2fa219a7cc
SSDEEP: 12288:/zHSwv6XXvvY1+H8yg8kI/W0GJKzoeFG0UrMcsCZ/Ug5X5UWoHY:mY6XXIUc0hGJKzrUryCZ/
Score: 10/10
Signatures
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext