General
Target: 52d83880235310b55cba2fb7a6e12d25992a29be4d0ea0c3739556f4f61414ec
Size: 482KB
Sample: 220717-b5g42sbghl
MD5: 84617d594af613f77deb32927123f779
SHA1: d1ad31c1138c3954c3dc7081cff2c4d83046c164
SHA256: 52d83880235310b55cba2fb7a6e12d25992a29be4d0ea0c3739556f4f61414ec
SHA512: 3aa728e32995ee72112040f37c0a158461cea2db097eea3c61904eb51b5cbda826fa186d96be89d2be82fab95ed18ebfce131d4d7b887761f9e2b08491179479
Static task: static1

Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: purchasemd@vivaldi.net
Password: application@
Targets
Target: Quotation.exe
Size: 668KB
MD5: e3f0a2033a78e307a71320217ef738bc
SHA1: c27e02a95ee0a960cfca209db890c4508fcf4954
SHA256: c111b6a522bd2d810182c96174d6e5b06396a07fe06a711d7d018b517461e358
SHA512: 8e24817a9192dfe21240b3fe5e909938650e4706fd7f1b62cf47091f90efbf2003290af55b65c6c4656610d02c0433c71aaf14a03eb38da67ec874539e48d4ab
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext