General
Target: FacturasPagadasalVencimie.exe
Size: 599KB
Sample: 230710-qqcy4sbf81
MD5: 8b659a21de4ab804803b132238948fc9
SHA1: 465877da2e637cfd453b0ff0eb93c5ce1025b55e
SHA256: 68cf967f38f44205a0d7996e4b06956241c1c340844d22012de2605f6680c736
SHA512: 53e35c4ed18188655af5b8751a2c4ed21b50180f7ea0cc09a93cbdc6a554d7b8716672dcb1da3c9db13d1e7879e732ef7673cc25f5c21d3fc293ffb8d95b70a0
SSDEEP: 12288:jRbeidoEmJ1XlznfV4/Xw+3ItiKjV4hBjTdb4U2gbzQ:xIEm/Xlznt4/h3ItiK54hVTPQ
Static task: static1
Behavioral task: behavioral1
  Sample: FacturasPagadasalVencimie.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: FacturasPagadasalVencimie.exe
  Resource: win10v2004-20230703-en
Malware Config
Targets
Target: FacturasPagadasalVencimie.exe
Size: 599KB
Score: 10/10
Signatures:
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext