General
Target: QUOTATION.exe
Size: 491KB
Sample: 230503-m3h44sed83
MD5: b8e0e72430e20da6c0ff11c6a5065f6a
SHA1: 21aaff49823201547156f8e049a555b74fe20dd3
SHA256: 5bdfd06cea2716483b1232ac20b4a2038603769b029e218e63b328e4975e5adf
SHA512: f4e3d83a9569f41a1f4e99cacc765330a23a317c0fd944f42d776604f607c286bae4f5740d1ab832cc7921a46bddd5c2f2bae5197048d179566d0a55a38a5a7d
SSDEEP: 6144:qYa6RSRUmYyWpYDgYK+iXotnpAueq0ezdxITM6+SGN1yHYJdo0Hexvw/qofHg8Gp:qYSRU7YfsEn+ut0YI3Yc4BH9/qgwoklT
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION.exe
Resource: win7-20230220-en
Malware Config
Extracted
darkcloud
https://api.telegram.org/bot6297321364:AAGrqCx2JSNrLhdAS1lpDcwQJhzQ_stCOgM/sendMessage?chat_id=882017182
Targets
Target: QUOTATION.exe
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext