General

  • Target

    IAENMAIL-A4-230711-0830-0009025.pdf.exe

  • Size

    597KB

  • Sample

    230711-lkxn4shc2w

  • MD5

    9a3ddb7a2fc19c99ecd1e8509b793a82

  • SHA1

    745c96b23553bb28e363f8aefe672babf28e9137

  • SHA256

    681410b16401ea5300bb40bfbb69e2f01d14ab931f3f8597a2be00dcac74443b

  • SHA512

    e196ea92ed5dc8ee59b519185ec832f3b19c9dbcb0393c3faaa5f6491afdcd268a997c703f8f5175c0bb47862c03eb2efe9d819efaadcc669b61c1ea3dc6b5d8

  • SSDEEP

    12288:XbQTW8uiZCCUk2HgHfRifMYYNAjcJmSI6BZAohBudTe345UXCbgs:8W81zUk2m5i0YsAWB6ohgFetCbB

Score
10/10

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks