General

  • Target

    RFQ001pdfexe.exe

  • Size

    337KB

  • Sample

    230710-qvphpsag33

  • MD5

    8a9c7a9580d153a0f9c938b50f7aad3e

  • SHA1

    171106c00aa7c75792c26f9717ef5ba94beaa88c

  • SHA256

    4f836a2654cceccebabea728ed2d43426153053660a7fbdab3c86b8cd28ef31d

  • SHA512

    4b0b6e83541c26ce5cedcc49df563bc145f6ca34578041929896521612cb2e54f3d509999d85b1155a6a21ce21dd38f2950bcb15981b97ae8dcbcf375e3ee6d5

  • SSDEEP

    6144:qhgqhwXoAoVHX2B5lb5Y3/czJa0YXBldsDe8ugrN+KWTSqaq6lpg59GAfd2cm:pqvVHX8l1Y3n0KBcq+Ner2U9xocm

Targets

    • Target

      RFQ001pdfexe.exe

    • Guloader,Cloudeye

      GuLoader (also tracked as CloudEyE) is a shellcode-based downloader first seen in 2020. The downloader stage is wrapped in anti-analysis checks, and the signatures below are the ones typically seen before it fetches its final payload.

    • Checks QEMU agent file

      Checks whether the QEMU guest agent (qemu-ga) exists on disk. The agent is only installed inside QEMU/KVM guests, so its presence is a cheap virtualization check; the sample may change behaviour or exit when it finds it.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during execution.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its HKCU counterpart) to list installed software, a common way to fingerprint a sandbox by the absence of ordinary user applications.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). A thread marked this way no longer delivers debug events, so breakpoints and single-stepping in it silently fail; this is a standard anti-debugging trick.

    • Suspicious use of SetThreadContext

      Rewrites the register context of a thread to redirect its execution. Done against a suspended thread in another process, this is the step that process hollowing and similar injection techniques use to run a decrypted payload inside a legitimate-looking host process.
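      As an added example (not part of the sandbox report, and not the sandbox's own signature code), the Python below replays a constructed API-call trace against the five behaviours listed above and checks a file body against the hashes published in the General section. The event schema, the API names chosen to represent each behaviour and the qemu-ga install path are assumptions; the ThreadHideFromDebugger constant (0x11) and the digests are the only values taken from documented sources and from this page.

```python
"""Added example: score a constructed API-call trace against the behaviours
flagged for this GuLoader sample, and compare a file body with the report's
hashes. Event format, API names and the qemu-ga path are assumptions."""
import hashlib
import re
from dataclasses import dataclass, field

# NT THREADINFOCLASS value for ThreadHideFromDebugger (documented constant).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Digests published in the report above (lower-case hex).
REPORT_HASHES = {
    "md5": "8a9c7a9580d153a0f9c938b50f7aad3e",
    "sha1": "171106c00aa7c75792c26f9717ef5ba94beaa88c",
    "sha256": "4f836a2654cceccebabea728ed2d43426153053660a7fbdab3c86b8cd28ef31d",
}

# Default Windows install path of the QEMU guest agent (assumption).
QEMU_AGENT_PATH_RE = re.compile(r"\\qemu-ga(\\|\.exe$)", re.IGNORECASE)
# Uninstall key under HKLM or HKCU; subkeys hold one entry per installed program.
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)


@dataclass
class Event:
    """One logged API call (assumed schema): calling pid, API name, arguments."""
    pid: int
    api: str
    args: dict = field(default_factory=dict)


def detect(events):
    """Return the set of report signature names triggered by the trace."""
    hits = set()
    dropped = set()  # lower-case paths the sample wrote during the run
    for e in events:
        a = e.args
        path = a.get("path", "")
        if e.api in ("NtCreateFile", "GetFileAttributesW") and QEMU_AGENT_PATH_RE.search(path):
            hits.add("Checks QEMU agent file")
        if e.api == "NtWriteFile":
            dropped.add(path.lower())
        # A DLL is "dropped" only if the same run wrote it before loading it.
        if e.api in ("LoadLibraryW", "LdrLoadDll") and path.lower().endswith(".dll") \
                and path.lower() in dropped:
            hits.add("Loads dropped DLL")
        if e.api in ("RegOpenKeyExW", "RegEnumKeyExW") and UNINSTALL_KEY_RE.search(a.get("key", "")):
            hits.add("Checks installed software on the system")
        if e.api == "NtSetInformationThread" and a.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        # Rewriting a thread context in a *different* process is the injection signal;
        # same-process use (debuggers, exception handling) is ignored here.
        if e.api == "SetThreadContext" and a.get("target_pid") not in (None, e.pid):
            hits.add("Suspicious use of SetThreadContext")
    return hits


def hash_matches_report(data: bytes):
    """Hash a file body and say which of the published digests it matches."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


# Constructed trace resembling what a sandbox would log for this sample
# (paths and pids are made up for the example).
SAMPLE_TRACE = [
    Event(1000, "GetFileAttributesW", {"path": r"C:\Program Files\Qemu-ga\qemu-ga.exe"}),
    Event(1000, "NtWriteFile", {"path": r"C:\Users\user\AppData\Local\Temp\stage.dll"}),
    Event(1000, "LoadLibraryW", {"path": r"C:\Users\user\AppData\Local\Temp\stage.dll"}),
    Event(1000, "RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    Event(1000, "NtSetInformationThread", {"info_class": 0x11}),
    Event(1000, "SetThreadContext", {"target_pid": 1020}),
]

if __name__ == "__main__":
    for sig in sorted(detect(SAMPLE_TRACE)):
        print("hit:", sig)
    print(hash_matches_report(b"constructed placeholder, not the real sample"))
```

      Feed the sandbox's own JSON trace into `Event` objects to use this against real output; the only tuning that matters in practice is the last rule, since SetThreadContext within a process's own threads is legitimate and only the cross-process case resembles hollowing.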

MITRE ATT&CK Enterprise v6
