General
Target: RequestforQuartation.exe.bin
Size: 1.7MB
Sample: 230505-zqy11sed36
MD5: 95a4dd3db43ef316cbb5b49a03bcc3b2
SHA1: 4c4ba77fc007950852d3829666ecbe4cfc5d342d
SHA256: 7a7d03e12cbbddbed5fb0eda66514036c3989897c2e3b0242a9768a97f3fe19e
SHA512: 1e5bf96b8e0d2e818b88ee4e287ee5a4d97d529f85f408fdd78d67afa47c3baf5ed4e118e0ba5cd77236f210104dd42290ed5b2a1a3a22c6bcdc78f9fb71eb05
SSDEEP: 24576:1ylUXFiJS5aZh2e44NsqOwM1ghfJxmpq6nXCFRgumQGdtuy32KWTO:1y+E8ih2eWHNgh0yFiFFSylWTO
Static task: static1
Behavioral task: behavioral1
Sample: RequestforQuartation.exe
Resource: win7-20230220-en
Malware Config
Extracted
darkcloud
https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046
Targets
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-