General
-
Target
Quotation.js
-
Size
822KB
-
Sample
240611-xh5gqaxdkd
-
MD5
1439ff7d0498e63f8b6323c4263d6594
-
SHA1
8d06ef0d937a1a64f4fc840bca74c41fb04f0331
-
SHA256
35a08088d3233f2e66a45b4e99f66e082d410b4f44ac3717cdc355d3d6527df6
-
SHA512
19639b0d7795548cad9ffdee0bd60a2686e95420ab2334b61464cde26fe5ed75ee65deca30697d3378cd7ba158c6ce9f2225ac77e8aa0d12c48df17c49d10e60
-
SSDEEP
6144:XQHQhvn5h0IG+3yZ8dmKzRWdMrhYlJW+pxZjyWMbD3ShfdQqsePVEiqtCKPvIj5c:gu
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.js
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
Quotation.js
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-