General
- Target: IAENMAIL-A4-230711-0830-0009025.pdf.exe
- Size: 597KB
- Sample: 230711-lkxn4shc2w
- MD5: 9a3ddb7a2fc19c99ecd1e8509b793a82
- SHA1: 745c96b23553bb28e363f8aefe672babf28e9137
- SHA256: 681410b16401ea5300bb40bfbb69e2f01d14ab931f3f8597a2be00dcac74443b
- SHA512: e196ea92ed5dc8ee59b519185ec832f3b19c9dbcb0393c3faaa5f6491afdcd268a997c703f8f5175c0bb47862c03eb2efe9d819efaadcc669b61c1ea3dc6b5d8
- SSDEEP: 12288:XbQTW8uiZCCUk2HgHfRifMYYNAjcJmSI6BZAohBudTe345UXCbgs:8W81zUk2m5i0YsAWB6ohgFetCbB
Static task
- static1
Behavioral task
- behavioral1 (Sample: IAENMAIL-A4-230711-0830-0009025.pdf.exe; Resource: win7-20230703-en)
Behavioral task
- behavioral2 (Sample: IAENMAIL-A4-230711-0830-0009025.pdf.exe; Resource: win10v2004-20230703-en)
Malware Config
Targets
- IAENMAIL-A4-230711-0830-0009025.pdf.exe, 597KB (hashes as listed under General)
Score: 10/10
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext