General
-
Target
Quotation Order.exe
-
Size
216KB
-
Sample
210421-lyqspd7kqa
-
MD5
4485273f76f2a9bdbb1e077030ec861a
-
SHA1
a1cc14f83f2155946838afbbbdf3500789118385
-
SHA256
369d6c63e2db3360bdea83f3598171f0e5da1697b3c6811624b77e4127dfed76
-
SHA512
e450630fc34834463ce86926f1838cfb0a722d41f9a05d9be0f01cbcb852201c2bc2a704181a8c4fe109911aa5ebf9c0a4c33235d083bf09e55fa3d812fcf0d5
Static task
static1
Behavioral task
behavioral1
Sample
Quotation Order.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
Quotation Order.exe
-
Turns off Windows Defender SpyNet reporting
-
Nirsoft
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-