General
- Target: RFQ001pdfexe.exe
- Size: 337KB
- Sample: 230710-qvphpsag33
- MD5: 8a9c7a9580d153a0f9c938b50f7aad3e
- SHA1: 171106c00aa7c75792c26f9717ef5ba94beaa88c
- SHA256: 4f836a2654cceccebabea728ed2d43426153053660a7fbdab3c86b8cd28ef31d
- SHA512: 4b0b6e83541c26ce5cedcc49df563bc145f6ca34578041929896521612cb2e54f3d509999d85b1155a6a21ce21dd38f2950bcb15981b97ae8dcbcf375e3ee6d5
- SSDEEP: 6144:qhgqhwXoAoVHX2B5lb5Y3/czJa0YXBldsDe8ugrN+KWTSqaq6lpg59GAfd2cm:pqvVHX8l1Y3n0KBcq+Ner2U9xocm
Static task
- static1

Behavioral task
- behavioral1
  - Sample: RFQ001pdfexe.exe
  - Resource: win7-20230705-en

Behavioral task
- behavioral2
  - Sample: RFQ001pdfexe.exe
  - Resource: win10v2004-20230703-en
Malware Config
Targets
- Target: RFQ001pdfexe.exe
- Score: 10/10
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext