fd6d74bb39e6bd7d1c9647be9b6fc54c3447697bbcd038ae6e287b9065b5e697 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Quotation2023010800.pdf.exe
Size

320KB
Sample

231013-2p931adh71
MD5

5d41a9f0b03339a10ea9d496af7eaa89
SHA1

e16f9a8ec691667908ef1a57528b0a967de8fc72
SHA256

fd6d74bb39e6bd7d1c9647be9b6fc54c3447697bbcd038ae6e287b9065b5e697
SHA512

cda9cb73659d6189323fd7e5c6cd1941dde11b245e7c219bf7b17e62042944240984bb5f0df28a0d54a3fff2e5ac3d191f06dd887ff65149c9d68896ff9ce1fc
SSDEEP

6144:TQ606x7lV5H5roJm57W63BFwYJ3s+CuYRX8GwpV3/ucEQb4oNriCJLnHDvu6JIyB:3VProJx6VJCJX8JucEQbVrXHK6By8L

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Quotation2023010800.pdf.exe
- Size
  
  320KB
- MD5
  
  5d41a9f0b03339a10ea9d496af7eaa89
- SHA1
  
  e16f9a8ec691667908ef1a57528b0a967de8fc72
- SHA256
  
  fd6d74bb39e6bd7d1c9647be9b6fc54c3447697bbcd038ae6e287b9065b5e697
- SHA512
  
  cda9cb73659d6189323fd7e5c6cd1941dde11b245e7c219bf7b17e62042944240984bb5f0df28a0d54a3fff2e5ac3d191f06dd887ff65149c9d68896ff9ce1fc
- SSDEEP
  
  6144:TQ606x7lV5H5roJm57W63BFwYJ3s+CuYRX8GwpV3/ucEQb4oNriCJLnHDvu6JIyB:3VProJx6VJCJX8JucEQbVrXHK6By8L
Score

7^/10

persistence
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2