General
-
Target
Gqgsm.exe
-
Size
171KB
-
Sample
240614-lf792svblh
-
MD5
c6cd0f62d86d87344a7d7483d82ac6d3
-
SHA1
23332a2dc618d48d98218d3b3d67bc128e9d0f3d
-
SHA256
6f03a4ec146aebb2d8031244e1c206131dc7852d9cac9937cfa62d7b27ebbf28
-
SHA512
fed34015b4059b82df3fe6a59c2b168d60a1325c0253ecb53d38fb85459cb0d1aec0c9b2c30081d94ad6e12d9fc9298e258dda6fa1fd95a7fbc6d13a59a45031
-
SSDEEP
3072:OYf8KDcsaEoJJlIZA0ZHl/itzwDOXVcdhyzTazMn:OYf8KIsaEoJ7IS0F0GOXVcryz2zM
Behavioral task
behavioral1
Sample
Gqgsm.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Gqgsm.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
Gqgsm.exe
-
Size
171KB
-
MD5
c6cd0f62d86d87344a7d7483d82ac6d3
-
SHA1
23332a2dc618d48d98218d3b3d67bc128e9d0f3d
-
SHA256
6f03a4ec146aebb2d8031244e1c206131dc7852d9cac9937cfa62d7b27ebbf28
-
SHA512
fed34015b4059b82df3fe6a59c2b168d60a1325c0253ecb53d38fb85459cb0d1aec0c9b2c30081d94ad6e12d9fc9298e258dda6fa1fd95a7fbc6d13a59a45031
-
SSDEEP
3072:OYf8KDcsaEoJJlIZA0ZHl/itzwDOXVcdhyzTazMn:OYf8KIsaEoJ7IS0F0GOXVcryz2zM
-
PureLog Stealer payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-