General
- Target: Destination Document pdf.exe
- Size: 620KB
- Sample: 230131-gzwyxage5z
- MD5: aa62920130adcf9c00c3c8af9b059b23
- SHA1: c579411fefdf3006dc176b193f6dda8b07da0fe6
- SHA256: 09454cff8e1b6d8a06a3731f417fc2e86d61cffccf2cab60064e7f7a1672f4b4
- SHA512: 89e08b13c3e21f729fec3523ce412a513da90c24d4eb6ee5cdc08ceebc6b1e3c13e3ca4102bdb4e87322555b0b1a810eefb2eb8c0a3dd5603208e63994bdc086
- SSDEEP: 12288:b7EWNDJccwIWYh7j7TY3POh48Wfb9g5stErYyqJNBUcNjRtBnMAr8D:MUlyYtj7EojiB5Er/qPBUsNfCD
Static task: static1
Behavioral task: behavioral1
- Sample: Destination Document pdf.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Destination Document pdf.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: Destination Document pdf.exe
Score: 10/10
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext