General

  • Target

    RFQexe.exe

  • Size

    1.1MB

  • Sample

    230710-qvxt3sbg4w

  • MD5

    117c09138f84dce084e42fcb684e9188

  • SHA1

    e14276554b5a2a2cdea158d8111170b780e5234e

  • SHA256

    192cc32d2b512627692171a834ddc243f4d2eb6402b301c6ce4f495c08720f98

  • SHA512

    6181e99db11b912446d041554f5f6cc5055d35730e0921164b180e419e163d76d33ea0d8f534a223778b19cd1408e45d954efd4370df9c0be45174d38a71bb4d

  • SSDEEP

    24576:EnsJ39LyjbJkQFMhmC+6GD9XgaNVtTxklSHBbqJ+eQA:EnsHyjtk2MYC5GDZgmFhble7

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks