General

Target: RFQ (Baku State University) 2303EU - 0328AZ路p.exe
Size: 361KB
Sample: 230328-psxkvscf6w
MD5: 89a498a1c44acfedfde2ae1dbdf64b84
SHA1: def3a927c6043a59849de89b281eccffcdf8de42
SHA256: 693e8f8b588610bfc9ed0592d7ec7486d0b039cc0651a710c642c1f19c0037d1
SHA512: 1ca2f89edfd190d45bd35df525a8e914653b2d7c3efa1eb65756f7f37595a7e28ab489e070e5b658dba80f84e047f19ed05309770ee8842a003fba0a7a58e460
SSDEEP: 6144:Ua4TQjIhGfChpje7SrelL45K893RdZ5WPWnPRBEdjR1y:14cjCmZlM4ChnEPA4djq
Static task: static1

Behavioral task: behavioral1
Sample: RFQ (Baku State University) 2303EU - 0328AZ路p.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: RFQ (Baku State University) 2303EU - 0328AZ路p.exe
Resource: win10v2004-20230220-en
Malware Config

Targets

Target: RFQ (Baku State University) 2303EU - 0328AZ路p.exe
Size: 361KB
MD5: 89a498a1c44acfedfde2ae1dbdf64b84
SHA1: def3a927c6043a59849de89b281eccffcdf8de42
SHA256: 693e8f8b588610bfc9ed0592d7ec7486d0b039cc0651a710c642c1f19c0037d1
SHA512: 1ca2f89edfd190d45bd35df525a8e914653b2d7c3efa1eb65756f7f37595a7e28ab489e070e5b658dba80f84e047f19ed05309770ee8842a003fba0a7a58e460
SSDEEP: 6144:Ua4TQjIhGfChpje7SrelL45K893RdZ5WPWnPRBEdjR1y:14cjCmZlM4ChnEPA4djq

- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext