General
-
Target
Quote.exe
-
Size
225KB
-
Sample
221207-ltsfrahg31
-
MD5
321f3295b04cccbbcff5a78a19a92c02
-
SHA1
18a59fbe2535105067608b8755aee0c2ec1e495a
-
SHA256
8c011e911b1f66852a1e9b335db2779d320749730155cf63bd2956fd338d6244
-
SHA512
1776e0abd19fa36adee495d6b6a39d233e847d717ce9ac6e3fd40398a80ee693380fc1ae2daefc938f6a36b413ca522f8250f241384ec3680815ec79afb6a8eb
-
SSDEEP
6144:QBn1Mv+a0+CnUDn3zBaySG9PY2B25IuoXqFv:g/a0hUDn1au9A2BiIk
Static task
static1
Behavioral task
behavioral1
Sample
Quote.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
0pnv
pcmigrationpro.com
Targets
-
-
Target
Quote.exe
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-