General
- Target: FedTaxUS2021.zip
- Size: 6.6MB
- Sample: 230328-k5xn6sbg9t
- MD5: ba251ec9906aed7385b84fe338d14b4a
- SHA1: 66645844443eb214af0676fd1bb0467a32e63518
- SHA256: 3fb8bf3a22c854a1b7f94dcbbdf647036cce8ba7353d8358e5f0fb94a5a0df76
- SHA512: 804331f846d64b320e69aba400d66c0faa7e68bbabfd160efe162f2c919caabf1dc8500ce7f602d4b66927d69a04a3a85027f00432cb310b7de8ec331e7377b6
- SSDEEP: 196608:Q1SZ6ufJQEjVdm0w8ay2xN6YveDgzUUDv1/:evvKm0wsPDqbx/
Static task: static1
Behavioral task: behavioral1
- Sample: FedTaxUS2021/FedTaxUS.pdf.lnk
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: FedTaxUS2021/FedTaxUS.pdf.lnk
- Resource: win10v2004-20230220-en
Malware Config
Targets
- Target: FedTaxUS2021/FedTaxUS.pdf.lnk
- Size: 2KB
- MD5: 83c0ef791c1898ea398b8f3f5d45d373
- SHA1: b2921d538d998101e7d1c348fa4b0420395b01d3
- SHA256: de78ba7cedda5de72f399a0bd7b597e880ebd517144bbeb2dd0a4e12d353d749
- SHA512: a76d11bcce8226b36fbfb32b94dbb16b63201254cdde9a063300649ff8234002aefdd37c932abbdc0c15bdade261ff4668b73413d5a4a904e85a67917bac9732
Score: 10/10
- Blocklisted process makes network request
- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext