General
Target: New Inquiry GLES Inquiry G-6463_pdf.scr.exe
Size: 707KB
Sample: 240825-lbb12syclq
MD5: bf042cd4534d6c0d8ac3a0c5e64bb712
SHA1: 6a78d37da5382f5cf6be663b61bea6a1d453de3f
SHA256: 3d4448da176ca593c44a436d593ead1e955ec07b0981f0c3c2b49adae484d52e
SHA512: a7ac032999c43e91719f7c98093d978e1f9b66fa374e2b9a903e1adb92af4ae31b9ebd73ae664dffb4c2fff09c4cfee861144249cecc95491ced57c899ea3fcd
SSDEEP: 12288:vVVyptXLpaHDNEzCvMcD+zJkWclGS01GjLQFVUmNQyH0n1UlIqyJMmotAKRJ:vVQDXGNEz/cauWcsS01Gj2xQyUnGO
Static task: static1
Behavioral task: behavioral1
Sample: New Inquiry GLES Inquiry G-6463_pdf.scr.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: New Inquiry GLES Inquiry G-6463_pdf.scr.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 9/10

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Suspicious use of SetThreadContext