General
- Target: H. H. Arnold Co. RFQ 230327·pdf.exe
- Size: 366KB
- Sample: 230327-y7t8qahb5w
- MD5: 3ba18ac29be8aac2fd64ffdff621cd7e
- SHA1: 5c40013d7324bd449fa954a0f68d70095c45a99a
- SHA256: 3722230201739f00b5967d0d77061f995f8c53f1f68911ba7faa7002797ef208
- SHA512: d7bb61b12fb1da375031d0732a3be6b406171e6ff6baffa3c645e8a4651cd30a434b94be56207c1a63b3f94366d6ffcbaa7c497c74c3b0bcfd4477db6766f25c
- SSDEEP: 6144:Ua4TQNkR6GfUaMzpWCEv8ad15+6pnKODH240FcP2h3pYR1w:14cCR+9zpa8ad15BpK02ZSO/Yo
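The target name is the first thing worth checking: "RFQ 230327·pdf.exe" is not a double extension at all, the character before "pdf" is U+00B7 MIDDLE DOT, chosen so the name reads as a PDF while the real extension is .exe. The following is an added example (not code from the sandbox or from this report) that rebuilds the identifier set printed above for a submitted file and flags this kind of name masquerade; the sample bytes in it are a constructed placeholder, not the real 366KB executable, and the extension, document-token and lure-word lists are the author's assumptions. SSDEEP is left out because it is not in the Python standard library.

```python
"""Added example: compute the report's identifier set and check the file
name for masquerade tricks. Sample bytes and word lists are constructed."""
import hashlib
import re
import unicodedata

# Extensions Windows will execute on double-click (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "lnk", "ps1"}
# Document types attackers imitate in lure names (assumed list).
DOCUMENT_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# Characters that render like a full stop but are not U+002E.
DOT_LOOKALIKES = "\u00b7\u2024\u2219\u22c5\uff0e"
# Procurement/finance words typical of RFQ-themed lures (assumed list).
LURE_WORDS = re.compile(
    r"\b(rfq|rfp|quotation|invoice|purchase order|remittance|payment)\b", re.I)


def hash_record(data: bytes) -> dict:
    """Same identifiers the report header prints, minus SSDEEP."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def masquerade_reasons(filename: str) -> list:
    """Return human-readable reasons the name looks disguised ([] if clean)."""
    reasons = []
    name = filename.strip()
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
        # Real double extension, e.g. invoice.pdf.exe
        if len(parts) > 2 and parts[-2].strip() in DOCUMENT_TOKENS:
            reasons.append(f"double extension .{parts[-2].strip()}.{ext}")
        if LURE_WORDS.search(name):
            reasons.append("procurement/finance lure word in an executable's name")
    # Lookalike dot directly before a document token: 'RFQ 230327·pdf.exe'
    for ch in DOT_LOOKALIKES:
        start = name.find(ch)
        while start != -1:
            token = name[start + 1:].lower().split(".")[0].strip()
            if token in DOCUMENT_TOKENS:
                reasons.append(f"{unicodedata.name(ch)} (U+{ord(ch):04X}) "
                               f"used as a fake '.{token}' extension")
            start = name.find(ch, start + 1)
    # RTLO reverses the visible order of the tail of the name.
    if "\u202e" in name:
        reasons.append("RIGHT-TO-LEFT OVERRIDE (U+202E) present")
    return reasons


if __name__ == "__main__":
    sample = b"MZ" + b"\x00" * 62  # constructed placeholder, not the sample
    print(hash_record(sample))
    for r in masquerade_reasons("H. H. Arnold Co. RFQ 230327\u00b7pdf.exe"):
        print("flag:", r)
```

Run it against the real file by reading the bytes from disk; the name check deliberately runs on the submitted file name, not on the path the sandbox stores it under.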
Static task
- static1
Behavioral task
- behavioral1: H. H. Arnold Co. RFQ 230327·pdf.exe, resource win7-20230220-en
- behavioral2: H. H. Arnold Co. RFQ 230327·pdf.exe, resource win10v2004-20230221-en
Malware Config
Targets
- Target: H. H. Arnold Co. RFQ 230327·pdf.exe
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, most likely to detect that it is running in a virtual machine.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
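The three thread-related signatures belong together: NtSetInformationThread with ThreadHideFromDebugger (class 0x11) and NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) both stop the debugger from receiving events for the thread, and SetThreadContext is the usual way to redirect execution into injected code. The following is an added example, not the sandbox's own rule set, that re-derives the signature names listed above from an API-call trace. The trace format and the TRACE entries are constructed for this page; the QEMU agent install path, the Outlook profile registry keys, the hosting-service domains and the dropped-file path are the author's assumptions, and only the two thread constants come from the Windows headers.

```python
"""Added example: map API-call trace entries to the report's signature names.
Trace format, TRACE and the path/domain lists are constructed assumptions."""
from collections import OrderedDict

THREAD_HIDE_FROM_DEBUGGER = 0x11            # THREADINFOCLASS ThreadHideFromDebugger
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit
QEMU_AGENT_PATHS = (r"c:\program files\qemu-ga\qemu-ga.exe",)     # assumed
OUTLOOK_PROFILE_KEYS = (                                            # assumed
    r"software\microsoft\office\16.0\outlook\profiles",
    r"software\microsoft\windows nt\currentversion\windows messaging subsystem\profiles",
)
HOSTING_DOMAINS = ("discordapp.com", "discord.com", "pastebin.com",  # assumed
                   "github.com", "drive.google.com")


def match_signatures(trace, dropped_files):
    """Return the signature names hit, in first-seen order."""
    hits = OrderedDict()
    dropped = {p.lower() for p in dropped_files}
    for call in trace:
        api, a = call["api"], call.get("args", {})
        path = a.get("Path", "").lower()
        if (api == "NtSetInformationThread"
                and a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"] = 1
        elif (api == "NtCreateThreadEx"
                and a.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            hits["Suspicious use of NtCreateThreadExHideFromDebugger"] = 1
        elif api in ("SetThreadContext", "NtSetContextThread"):
            hits["Suspicious use of SetThreadContext"] = 1
        elif (api in ("NtQueryAttributesFile", "NtCreateFile", "GetFileAttributesW")
                and path in QEMU_AGENT_PATHS):
            hits["Checks QEMU agent file"] = 1
        elif api in ("LoadLibraryW", "LdrLoadDll") and path in dropped:
            hits["Loads dropped DLL"] = 1
        elif (api in ("RegOpenKeyExW", "NtOpenKey")
                and any(k in a.get("Key", "").lower() for k in OUTLOOK_PROFILE_KEYS)):
            hits["Accesses Microsoft Outlook profiles"] = 1
        elif (api in ("getaddrinfo", "InternetConnectW", "WinHttpConnect")
                and any(a.get("Host", "").lower().endswith(d) for d in HOSTING_DOMAINS)):
            hits["Legitimate hosting services abused for malware hosting/C2"] = 1
    return list(hits)


# Constructed trace in the order the report lists its signatures.
DROPPED = [r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"]
TRACE = [
    {"api": "LdrLoadDll", "args": {"Path": r"C:\Windows\System32\kernel32.dll"}},  # benign
    {"api": "NtQueryAttributesFile", "args": {"Path": r"C:\Program Files\qemu-ga\qemu-ga.exe"}},
    {"api": "LdrLoadDll", "args": {"Path": DROPPED[0]}},
    {"api": "RegOpenKeyExW", "args": {"Key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"}},
    {"api": "getaddrinfo", "args": {"Host": "cdn.discordapp.com"}},
    {"api": "NtCreateThreadEx", "args": {"CreateFlags": 0x4}},
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"api": "SetThreadContext", "args": {"Thread": 0x1f4}},
]

if __name__ == "__main__":
    for name in match_signatures(TRACE, DROPPED):
        print("-", name)
```

SetThreadContext is flagged on any call, as a sandbox heuristic would; a production rule would additionally require the target thread to belong to another process or to have been created suspended.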