General
- Target: DHL-Shipment-AWL-0010993954-pdf.exe
- Size: 628KB
- Sample: 230718-hcxscshe2s
- MD5: 23b53c5a46edb96074fa72673a13b94f
- SHA1: 2df91abe31779634ba2809a2ff1953b279214b70
- SHA256: c3b8c2966ebf82260e14bc0d95b2223dcdfef62c1e7fe0e92aafffa05e4b695f
- SHA512: 9dcd0241ed926677f454452bfbc36e91ff87995762ce454688245c62e0b641207eb8e93d39223c33ee0600eb835cc6ec58c43a809b8a619ede3a36d78b65e52f
- SSDEEP: 6144:oDX6o9FL7SV8ccs0KyrEtMGTLLzxB0TzvZxTNwfY4GXr2S/Pid2zk87bdW2+I7kW:D9LfcTzxfw1Arm+kUF+ek3e4lUbUq

Static task
- static1

Behavioral task
- behavioral1
  - Sample: DHL-Shipment-AWL-0010993954-pdf.exe
  - Resource: win7-20230712-en

Behavioral task
- behavioral2
  - Sample: DHL-Shipment-AWL-0010993954-pdf.exe
  - Resource: win10v2004-20230703-en
Malware Config

Targets
- Target: DHL-Shipment-AWL-0010993954-pdf.exe
- Size: 628KB
- MD5: 23b53c5a46edb96074fa72673a13b94f
- SHA1: 2df91abe31779634ba2809a2ff1953b279214b70
- SHA256: c3b8c2966ebf82260e14bc0d95b2223dcdfef62c1e7fe0e92aafffa05e4b695f
- SHA512: 9dcd0241ed926677f454452bfbc36e91ff87995762ce454688245c62e0b641207eb8e93d39223c33ee0600eb835cc6ec58c43a809b8a619ede3a36d78b65e52f
- SSDEEP: 6144:oDX6o9FL7SV8ccs0KyrEtMGTLLzxB0TzvZxTNwfY4GXr2S/Pid2zk87bdW2+I7kW:D9LfcTzxfw1Arm+kUF+ek3e4lUbUq

- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext