General

  • Target

    RFQ Metabo.exe

  • Size

    365KB

  • Sample

    231011-r32cxadg9w

  • MD5

    8860d299597463c63b673807c8bbf88a

  • SHA1

    c3a0c0892a745d2c543483323f8d7550df0ef6cf

  • SHA256

    58357272406c20e677f34777d792bdecc67f8502616621858a609d9cd8e3bd7e

  • SHA512

    cab519122088f15ce9169c343d679e8b06df706e1521edf74cbb21c88684b89d88369a7768097913666921cf5407515a61341ea010c24380916668e3b601faa1

  • SSDEEP

    6144:LnPdudwDO1Gzve+hNYRtbEJxIm0mayUPA4NyoWJUE/zKV01ribs8gH7KpqUT4HL/:LnPdC1a3SRtb79JVcoWJUQzKV01rio8k

Score
7/10

Malware Config

Targets

    • Target

      RFQ Metabo.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks