General
- Target: bill payment notice #43782 PDF.exe
- Size: 380KB
- Sample: 230718-nq59jsae5z
- MD5: 9c44cdb43340fc9b7e3de6f4e0b95b29
- SHA1: e462d5b74202a1156a005ba5c032af092b3622fa
- SHA256: e712635bcf6dfae53c0b3679f053bd3a4e509e26295c0d3991887abc3e37f5b8
- SHA512: 05dc10752c3340d1ba689868e0e7359f5b414f81bcbea9d4415a3a5035d80a0f3e028de1c506c33bfa6d27d9ce8e3867b549e5c4255f970ccdc780d58e78ea7b
- SSDEEP: 6144:K4t6LsvuyXOLT/plOJb0r6iSeysFkHnhHMQ/4iw67Jf:Kkvz6/KJ06iSeLkHnyKAoJ
Static task
- static1

Behavioral task
- behavioral1
  Sample: bill payment notice #43782 PDF.exe
  Resource: win7-20230712-en

Behavioral task
- behavioral2
  Sample: bill payment notice #43782 PDF.exe
  Resource: win10v2004-20230703-en
Malware Config

Targets
- bill payment notice #43782 PDF.exe (380KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext