General

  • Target

    21052024_1526_21052024_NEW QUOTATION REQUEST.rar

  • Size

    663KB

  • Sample

    240521-svg5qsae2x

  • MD5

    d1cfe7b1c8381bedce18f6d393ba8b1a

  • SHA1

    46296c91aaad6f6ddf081f894fa3c41544047e88

  • SHA256

    4adbbefe0494041745152d0d99f048667de1336b866af6983c3ac5cf48c8cbc6

  • SHA512

    ac49f6e5f2c1db556d374fa77945069afb1b741d679e16041f05dda2e089d9fbac0cbdc5da64e0c8175c289560eb60eadb92acf7ba068405144f91708b9c772c

  • SSDEEP

    12288:pqH/4FIYKa0l1RY/+fk/s4zrZeNWPBzxgGR0/oegLYgoTOmNlAxtDPjrnSLn:8MVrIrY/+fus0VeYlgGRu6tDPjrnSb

Score
8/10

Malware Config

Targets

    • Target

      NEW QUOTATION REQUEST.exe

    • Size

      688KB

    • MD5

      fdaef18543df4ad300c73e2b78b02f26

    • SHA1

      fad41922a3410a7cf7b583e644aa5560a18a232c

    • SHA256

      a6c64949134c064a1d7812f492f56e0086f19396a9561fee82b5486ab24e00eb

    • SHA512

      45c5879c9a0ce6c4179537c2bf20594debfb800851f60e420023c58e1859e1d172dae110ba75e48bebf8399a568912565d3e9cf48c0b091cd0ff52e164589387

    • SSDEEP

      12288:klYifT4zRYhLOhUXEerx3kHfGUt5KNJqa53bpc8u1y1SRP1u:jikY+UX856JqaFzu9

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks