General

  • Target

    RFQINVOICE09876000090.exe

  • Size

    384KB

  • Sample

    231011-hzqybshb6z

  • MD5

    45ee0796819451c310a4652b2f4c9e55

  • SHA1

    0fea82ff3ce07f31c5e785b58b6a1aee43d8778f

  • SHA256

    bc890782390a43bb02de2a7f6d6bbc1f05cceed4e6277f3f36719edb14cb5067

  • SHA512

    e4e8656b17525aebbfbd4ad6ca8508f3b7ef6be3528febaa732f919ee03fbe0820a2a4cd7073e6e285171a118389e17ee6aae9e8d4dde0a8de9ad425de706320

  • SSDEEP

    12288:LnPdvKRsZayz+O73iyx48RAgaPF5dkg3FM:TPdvQsZvf48Q1kg3FM

Score
7/10

Malware Config

Targets

    • Target

      RFQINVOICE09876000090.exe

    • Size

      384KB

    • MD5

      45ee0796819451c310a4652b2f4c9e55

    • SHA1

      0fea82ff3ce07f31c5e785b58b6a1aee43d8778f

    • SHA256

      bc890782390a43bb02de2a7f6d6bbc1f05cceed4e6277f3f36719edb14cb5067

    • SHA512

      e4e8656b17525aebbfbd4ad6ca8508f3b7ef6be3528febaa732f919ee03fbe0820a2a4cd7073e6e285171a118389e17ee6aae9e8d4dde0a8de9ad425de706320

    • SSDEEP

      12288:LnPdvKRsZayz+O73iyx48RAgaPF5dkg3FM:TPdvQsZvf48Q1kg3FM

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample decides whether to run based on the victim's configured region).

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a thread's execution; called on a thread in another, typically suspended, process it is the hand-off step of process hollowing and similar injection techniques, which is why the sandbox flags it alongside the dropped-EXE execution above.
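
The four signatures above are the kind of rules a sandbox derives from its API trace. The following is an added example, not part of this report and not Tria.ge code: a small rule engine run over a constructed, simplified trace (the event shapes, the registry path used for the geofence rule, and the `stage2.exe`/`helper.dll` names are assumptions, not data recovered from this sample). It shows why the SetThreadContext hit is "suspicious" only in context: a cross-process call into a suspended child that the caller has already written to is the process hollowing pattern, while a call on the caller's own thread is ignored.

```python
"""Minimal behaviour-signature engine over a constructed sandbox API trace (example code)."""
from dataclasses import dataclass
from typing import Iterable

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit passed to CreateProcess*

# Assumption: the geofence rule keys on the GeoID stored under this registry key/value.
GEO_KEY = r"hkcu\control panel\international\geo"
GEO_VALUE = "nation"


@dataclass(frozen=True)
class Event:
    pid: int    # process that made the call
    api: str    # API name as a user-mode hook would report it
    args: dict  # simplified, hypothetical argument dictionary


# Constructed trace (not the real trace of this sample): drop two files, start the
# dropped EXE suspended, write into it, redirect its thread, resume it.
SAMPLE_TRACE = [
    Event(100, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event(100, "NtCreateFile", {"path": r"C:\Users\user\AppData\Local\Temp\stage2.exe", "disposition": "create"}),
    Event(100, "NtCreateFile", {"path": r"C:\Users\user\AppData\Local\Temp\helper.dll", "disposition": "create"}),
    Event(100, "CreateProcessW", {"image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
                                  "flags": CREATE_SUSPENDED, "child_pid": 200}),
    Event(200, "LdrLoadDll", {"path": r"C:\Users\user\AppData\Local\Temp\helper.dll"}),
    Event(100, "NtWriteVirtualMemory", {"target_pid": 200}),
    Event(100, "SetThreadContext", {"target_pid": 200}),
    Event(100, "NtResumeThread", {"target_pid": 200}),
]


def evaluate(trace: Iterable[Event]) -> dict[str, list[str]]:
    """Return {signature name: [details]} for every rule the trace triggers."""
    hits: dict[str, list[str]] = {}

    def hit(name: str, detail: str) -> None:
        hits.setdefault(name, []).append(detail)

    dropped: set[str] = set()        # lower-cased paths created by a traced process
    suspended: dict[int, int] = {}   # child pid -> creator pid, for CREATE_SUSPENDED children
    written: set[int] = set()        # pids that received a cross-process memory write

    for ev in trace:
        a = ev.args
        if ev.api.startswith("RegQueryValueEx"):
            key = a.get("key", "").lower().rstrip("\\")
            if key == GEO_KEY and a.get("value", "").lower() == GEO_VALUE:
                hit("Checks computer location settings",
                    f"pid {ev.pid} read {a['key']}\\{a['value']}")
        elif ev.api == "NtCreateFile" and a.get("disposition") == "create":
            dropped.add(a["path"].lower())
        elif ev.api.startswith("CreateProcess"):
            image = a["image"].lower()
            if image in dropped:
                hit("Executes dropped EXE", f"pid {ev.pid} started {a['image']} as pid {a['child_pid']}")
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended[a["child_pid"]] = ev.pid
        elif ev.api in ("LdrLoadDll", "LoadLibraryW", "LoadLibraryExW"):
            if a["path"].lower() in dropped:
                hit("Loads dropped DLL", f"pid {ev.pid} loaded {a['path']}")
        elif ev.api == "NtWriteVirtualMemory" and a.get("target_pid") != ev.pid:
            written.add(a["target_pid"])
        elif ev.api in ("SetThreadContext", "NtSetContextThread"):
            target = a.get("target_pid", ev.pid)
            if target == ev.pid:
                continue  # own thread: debuggers and exception handlers do this legitimately
            detail = f"pid {ev.pid} set thread context in pid {target}"
            if target in written and suspended.get(target) == ev.pid:
                detail += " (suspended child it already wrote to: process hollowing pattern)"
            hit("Suspicious use of SetThreadContext", detail)
    return hits


if __name__ == "__main__":
    for name, details in evaluate(SAMPLE_TRACE).items():
        print(name)
        for d in details:
            print("   ", d)
```

The dropped-file rules depend on ordering (the file must be created before it is executed or loaded), which is the same reason a real sandbox correlates events by pid and time rather than matching single API calls.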

MITRE ATT&CK Enterprise v15

Tasks