Overview

overview

8

Static

static

3

RFQ QUG24-...XX.exe

windows7-x64

8

RFQ QUG24-...XX.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ QUG24-2003700542XXX.7z

  • Size

    655KB

  • Sample

    240522-cds8nsgh6s

  • MD5

    dbbfce68bb8b30fb886d9d0bcfc04b6d

  • SHA1

    a02dd8e894da0bf89fac90120bf728aad1626e1a

  • SHA256

    731f8467492e53038d6e0ee012349433beb55070b7dc9efe94ebca5441c92997

  • SHA512

    9475f374d1a4c2839d2ac43035fee05708ed69d4f443fc5bfe997e25cf83a18ac944505ce40ba9a23eb561209bf5dd9fac4a432227c75a298a6b46bd50a40aa7

  • SSDEEP

    12288:6oRq1ztg77Itzn58j0bLJAPs9/sHBqRvZUlOpOWJ:6okzXtz58j8LJAPsxHBUlO4U

Score
8/10
execution

Malware Config

Targets

    • Target

      RFQ QUG24-2003700542XXX.exe

    • Size

      735KB

    • MD5

      67e8394308a06ffee627c77b7d3d16ea

    • SHA1

      e0d9daad8296d2f757cc442d1d1f1302d7aec13b

    • SHA256

      631e9daaee241678334ffae4db8bae66a2781fac9bacb73676ee248917deae3f

    • SHA512

      2081ce36d917c75157c9c2be12dfee62ea7ffee18c809eee51c7415e5ef9b1868398f2d95412b71a7d2e5d1d24570513d6a5f242f67a30744ef9ca6a401bf48a

    • SSDEEP

      12288:IWEY5/l9s22BEEzFatnMwpOl555EQK+AlkKr0HBZR6ZUlo8if:gA/l9s3BEWwpOz55/K+Alk0IeUloP

    Score
    8/10
    execution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks