General
Target: Quotation.pif.exe
Size: 991KB
Sample: 220926-p32ybscacq
MD5: 59d24bcc44a883d21a48b2d368a1ff45
SHA1: d933aac89872b6a5f60901563b19c6715a0d007a
SHA256: 5032a3dbc97f17dba5cf4a7dc67a6c9ae6293a344d9d9433d63e8cd180226927
SHA512: 9281ea610f54c4df7f849d4c9e9021b6b3983a04ce0c6606db587d8d3b412de0494a1717adc9e701947ddd97f40216768d40af96983ad95449040e5bccbdecaf
SSDEEP: 12288:dHeyEXo6MY++34Ot1UzDMHvRJUHoPYFoBMmTA0+bB/jIyBXRsZZ4wiPWL1QORWl5:m/DkM1nHvRJ9PYqs0+5FXk+P41Q7BBz
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.pif.exe
Resource: win7-20220901-en
Malware Config
Extracted
Family: formbook
Campaign ID: nhg6
Encoded strings as extracted (not decoded in this report):
FSZGb3Of7ECMIOG9mh1ql/w=
DAPP3Pm63eo+zg==
khOZTuClxYsKQsZALgy3ob9TFAk=
5uWol2f/RF3CAwFd
P70LqPOi2iE9g4vpPH1Lk8E0K6tC
KBRl7TSt3eo+zg==
rqedJWUJXKkDbORa
lpORtIg8lvMKbJ77PQW9kes=
Qinv+gsohAIooqyTcfUYgZ/IVxQ=
J0L2ggPAiE2gxm4=
r/I6qOGI5noJCghf
khJg6HKM6l9okVK+pg==
HRMTK/6p3eo+zg==
HqMiuv2JaKYJCghf
+FzGYtsGTpK46OkKkh5C
BBrOUpUY91R/r8gkPwrcuw==
klWfn2smdNcqog581h6vX7px
t8uvr7+R7IPaHSOH1hqvX7px
bHdghkj64OjzY2hOLa/WObrRkkeJjQ==
s3/smhoylh1J0mPS4aDHBDRyJw==
Eu3Z//8qkb4Pgnxjs7KvX7px
Du/M2tykfsrvKI21BL4=
PSM470DF9TZfxg==
g8+4SOr4WukPPHaaxWhV
Wp6eQXMJ4vcGbPvJGeO4K2cjEQM=
sUu3agUQbwZBjWbTrA==
cD2jpmsR7f74LQOoiG5H
3uWfnmL43kmM0eYKkh5C
D8hIaSK6nOYyvuwKkh5C
2jukR8PuW9opgKsne71aPJfpk2rYfuk6bQ==
8Kn8jxXXsvtDzvYKkh5C
PBS059Wedb7mSnjpPdLzU7s0K6tC
/RMCOf+e9YCnIxQSu2marA==
wkO7TZc1jPoLNcOp4vUglpKzLw==
0IEGMPKlhU2gxm4=
2T8RCBr43vVVaf5I
fljAttGHXHWMq8RIqzxMpxG/r+LsFTk=
/og98Tea9nueONlLQD2egqUdkAs=
DakWt1Bc6TFTzA==
h1O9avS4iE2gxm4=
uu4WRzneVStU1w==
LsZmJl8YeP5Vaf5I
nHdkkYug/oK87Hcp0JSQyxC7qOLsFTk=
2oURQhXaNMIXkEcjayLqQmcjEQM=
NfVyM2uD3eo+zg==
nT20ZP8fheL5IiV4xhqvX7px
dbeCkGH4309r5gp24CCvX7px
72jolSNVrfj/NBu/Bn/evQ==
jGtO0Rey6DhVmKwRUtGvX7px
RPd7qXExmzSGlZHVuw==
X70pwhG0S4qZv2w=
9xPzBiP3SNEaU1KuDFRMtE3fYMons6VE
gXVziEtEmsbg/SeBwQGIoKj8tK01jw==
+B9xAkQQb+wSkhl/T08gEjAs9IugoA9I
KMgonCDitr/U/aiSc/bZdfnSjepK
belockUJb/okrNEwgBdDjsA0K6tC
FGDUFuN9k03/08Ks/bw=
nRGNPr25BpzvAXbgwJJK
7awA/seC0Uhr3dLAHB1ql/w=
glK6Uc2Mzma3/E196bQ=
O4Jwj11Xqv9IjWbTrA==
s++5zMnzj8z2aWY=
eJN2bFImkiB4xOAKkh5C
xsaRhotGVStU1w==
Domain: liuhejing.org
Targets
Target: Quotation.pif.exe (size and hashes as listed under General above)
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
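The "Checks computer location settings" signature refers to a loader reading the host's configured country from the registry and bailing out for unwanted regions. The following is an added example (not code from this report, from the sandbox, or recovered from the sample) that reproduces only the decision logic: it reads the two values such checks normally consult, HKCU\Control Panel\International\Geo\Nation (the Windows GeoID, stored as a string) and HKCU\Control Panel\International\LocaleName (the BCP-47 locale tag), and falls back to constructed values off-Windows. The blocklist, the GeoID subset and the function names are assumptions for illustration; which regions this particular sample excludes is not stated on the page.

```python
"""Emulation of a registry-based geofence check (added example, hypothetical).

The registry paths and value names are real Windows locations; the blocklist
and the decision function are assumptions for illustration and are not taken
from the analysed sample.
"""
import sys

# GeoID values from the Windows "Table of Geographical Locations"
# (assumed subset, used only as constructed sample input).
GEOID_DE = 94       # Germany
GEOID_RU = 203      # Russia
GEOID_US = 244      # United States

# Hypothetical blocklist: regions in which the emulated loader refuses to run.
ASSUMED_BLOCKED_GEOIDS = frozenset({GEOID_RU})
ASSUMED_BLOCKED_LANGS = ("ru",)


def read_location_from_registry():
    """Return (geoid, locale_name) from HKCU on Windows, or None elsewhere.

    Only the two values the sandbox signature refers to are read. winreg is
    Windows-only, so an analysis box running this offline gets None and must
    pass constructed values to decide() instead.
    """
    if sys.platform != "win32":
        return None
    import winreg  # stdlib, Windows only
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Control Panel\International\Geo") as key:
        nation, _ = winreg.QueryValueEx(key, "Nation")  # REG_SZ, e.g. "244"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Control Panel\International") as key:
        locale_name, _ = winreg.QueryValueEx(key, "LocaleName")  # e.g. "en-US"
    return int(nation), locale_name


def is_geofenced(geoid, locale_name,
                 blocked_geoids=ASSUMED_BLOCKED_GEOIDS,
                 blocked_langs=ASSUMED_BLOCKED_LANGS):
    """True when either the GeoID or the locale's language tag is blocklisted.

    The two sources are ORed: flipping only one of them in a sandbox is not
    enough to change the outcome, so a sandbox that wants to see the payload
    has to set both consistently (GeoID and locale).
    """
    lang = locale_name.split("-", 1)[0].lower()
    return geoid in blocked_geoids or lang in blocked_langs


def decide(geoid, locale_name):
    """Return the action the emulated loader takes: 'exit' or 'run'."""
    return "exit" if is_geofenced(geoid, locale_name) else "run"


if __name__ == "__main__":
    loc = read_location_from_registry()
    if loc is None:
        loc = (GEOID_US, "en-US")  # constructed values for an offline run
    print("host location:", loc, "->", decide(*loc))
```

For sandbox operators the practical point is the OR in is_geofenced: a detonation profile that changes only the keyboard layout or only the GeoID still trips a check like this, so both registry values (and ideally the system locale) should be set to the target region before rerunning the sample.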