General
Target: Factura_223024060_pdf.gz
Size: 521KB
Sample: 230710-rddwbaca7w
MD5: 17ab622f9a8373d3056151fbe2aea095
SHA1: 2c9de376833954e52a66e1c0c2ecd72fc49dcf21
SHA256: c8e11b1458ff8e8f837f97b3fc98eb788de7de0525c58e24831df4f846929929
SHA512: 2bac4e63811bb8b082ef656e2be712f698cbd2ab2774f1260739c7df985a00122bbec0364a7fb86de522fb7a7b05dc7b5b1cd7041d9d6b4068fed0e2604ba228
SSDEEP: 12288:Z2fgdiffEFN4xlz94eGMrAxVaN6jPEKtcQGKyrJYZp3:ZIJ0FqzaeVrUVaN6jPEWO9rJS
Static task: static1

Behavioral task: behavioral1
Sample: Factura_223024060_pdf.exe
Resource: win7-20230703-en

Behavioral task: behavioral2
Sample: Factura_223024060_pdf.exe
Resource: win10v2004-20230703-en
Malware Config

Targets
Target: Factura_223024060_pdf.exe
Size: 599KB
MD5: 8b659a21de4ab804803b132238948fc9
SHA1: 465877da2e637cfd453b0ff0eb93c5ce1025b55e
SHA256: 68cf967f38f44205a0d7996e4b06956241c1c340844d22012de2605f6680c736
SHA512: 53e35c4ed18188655af5b8751a2c4ed21b50180f7ea0cc09a93cbdc6a554d7b8716672dcb1da3c9db13d1e7879e732ef7673cc25f5c21d3fc293ffb8d95b70a0
SSDEEP: 12288:jRbeidoEmJ1XlznfV4/Xw+3ItiKjV4hBjTdb4U2gbzQ:xIEm/Xlznt4/h3ItiK54hVTPQ
Score: 10/10

- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext