General

  • Target: cbb97ea79f3fa5bf2dd398c33dff6f1273e7954eda99850ce71301cf52a9d8a6.gz
  • Size: 270KB
  • Sample: 241120-dyv4fazbkc
  • MD5: 59f301a975a7d973e2395d35454bfbd2
  • SHA1: d06fb86b7a5950c0cfab8d152c7fba528c41a95c
  • SHA256: cbb97ea79f3fa5bf2dd398c33dff6f1273e7954eda99850ce71301cf52a9d8a6
  • SHA512: b255c73bfb85f425997066064dd1cc42e35a48720869d4dcd3169fe5eed66a2d1f98bfefccb438d26a5e191692f36bc2012e7a5f6bf35ead810b6c3b4ccf4bb2
  • SSDEEP: 768:GfMtR/yCyLoOhZjlwygLQI+jtMR+N5i8yi:3by2iZ6ygUFw+Nii

Score
10/10

Malware Config

Targets

    • Target: RFQ-7105200000542180004532001.exe
    • Size: 250.0MB
    • MD5: 7d496fc2a12252fd5efdeab85da04aa1
    • SHA1: c68b92fbe9f6322bd3da452b71d8f0d9c1404636
    • SHA256: 4e88d474993b34e6a4bb41bd06755264a9c65569bae46dda561ff87bb568ff20
    • SHA512: 6829039211538c64c0cbcc4b699545e3a7a96bc69265192bd9f054d2e5e2a5529d223bfc17081de662955cbaca543af4664a7fe5c53f5001029476cf5fa06d38
    • SSDEEP: 1536:82cNH7jgXt8XbWwLegd7Q3E39QzswmzDjSe4RIrGgORwsBe3NNMWD:Jtt8rXNa4P

    Score
    10/10

    Signatures

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Command and Scripting Interpreter: PowerShell

      Starts PowerShell.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks