General
Target: Richiesta Preventivo (ISGB) 7788EU - 0605ITA·pdf.exe
Size: 1.0MB
Sample: 230711-ljh5bshb9z
MD5: 790f3266b308066cd14f9900329e6f0c
SHA1: 7a9aa50d276c7f8b616d1c0b5bf8fe3d9328d0fa
SHA256: b2d2f116713950b0742c2cb384c0377ac414be769d317f9e246ecb66730c889d
SHA512: ce45fd69dfdda994b563a4bc946bdee94dbc3a27d8909ef32fb44a5c3aa0f08af72d0daafd4adb14474918ff23a2c721b0b4a9a915c1a701ded69565f607bb44
SSDEEP: 24576:whlXrm7zYFdAlYobCNtwc9Vr+iUriIVP1PRXplA77RRW6:GXi7MAlYlNWcqNriIVP1PRXpwrW6
Static task: static1
Behavioral task: behavioral1
  Sample: Richiesta Preventivo (ISGB) 7788EU - 0605ITA·pdf.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: Richiesta Preventivo (ISGB) 7788EU - 0605ITA·pdf.exe
  Resource: win10v2004-20230703-en
Malware Config

Targets
Target: Richiesta Preventivo (ISGB) 7788EU - 0605ITA·pdf.exe
Size: 1.0MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext