General
- Target: Solicitud de Cotización (Instituto Politécnic.exe
- Size: 364KB
- Sample: 230327-y7vjgsfb38
- MD5: 42e18103d12a3f79163c06319e19de31
- SHA1: b98b875560d3ddaeba7abf49a909eddf2cd46d76
- SHA256: dbfeb751e07116f2eaa7ab39723f044795ae0f222d136011e4d44aa1a999a2e8
- SHA512: 309353aa546611604a61451de257f0241fd032ed095d46526aa58e92b15fece6ecbcc35274d9e9412611ad9a91c60def1e3d6c285ed714895316b819dbdbce9a
- SSDEEP: 6144:Ua4TQcaxKCrv7ih8r0ax/gSu+qhgkHWgZDvF7Y+R1O:14cU0O8gOlu+ogUWADvFf2
Static task: static1
Behavioral task: behavioral1
- Sample: Solicitud de Cotización (Instituto Politécnic.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: Solicitud de Cotización (Instituto Politécnic.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext