General
-
Target
RFQ QUG24-2003700542XXX.7z
-
Size
655KB
-
Sample
240522-cds8nsgh6s
-
MD5
dbbfce68bb8b30fb886d9d0bcfc04b6d
-
SHA1
a02dd8e894da0bf89fac90120bf728aad1626e1a
-
SHA256
731f8467492e53038d6e0ee012349433beb55070b7dc9efe94ebca5441c92997
-
SHA512
9475f374d1a4c2839d2ac43035fee05708ed69d4f443fc5bfe997e25cf83a18ac944505ce40ba9a23eb561209bf5dd9fac4a432227c75a298a6b46bd50a40aa7
-
SSDEEP
12288:6oRq1ztg77Itzn58j0bLJAPs9/sHBqRvZUlOpOWJ:6okzXtz58j8LJAPsxHBUlO4U
Static task
static1
Behavioral task
behavioral1
Sample
RFQ QUG24-2003700542XXX.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RFQ QUG24-2003700542XXX.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
RFQ QUG24-2003700542XXX.exe
-
Size
735KB
-
MD5
67e8394308a06ffee627c77b7d3d16ea
-
SHA1
e0d9daad8296d2f757cc442d1d1f1302d7aec13b
-
SHA256
631e9daaee241678334ffae4db8bae66a2781fac9bacb73676ee248917deae3f
-
SHA512
2081ce36d917c75157c9c2be12dfee62ea7ffee18c809eee51c7415e5ef9b1868398f2d95412b71a7d2e5d1d24570513d6a5f242f67a30744ef9ca6a401bf48a
-
SSDEEP
12288:IWEY5/l9s22BEEzFatnMwpOl555EQK+AlkKr0HBZR6ZUlo8if:gA/l9s3BEWwpOz55/K+Alk0IeUloP
Score
8/10
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-