Overview

overview

8

Static

static

3

QUOTE FAA2000.pdf.exe

windows7-x64

8

QUOTE FAA2000.pdf.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    11072024_0752_11072024_QUOTE FAA2000.pdf.arj

  • Size

    681KB

  • Sample

    240711-jqw9eswgnk

  • MD5

    fc452c631414fa7628e17e13f36d20fb

  • SHA1

    2c468356ee8e13759b50cbb66634f7b783111c92

  • SHA256

    9e2d5cc8cceebe3e3ebc937b2ad6a7ecb6ddd537e2be57dfbe8db869d50e3c1b

  • SHA512

    1d96863219cb75c977c14a2296823e9339bb70506fe12aa9e653bebce33cc426e6891df8b74e40f155dab6e2d14773383d695facc3b561471e0110f25a6cb7e3

  • SSDEEP

    12288:kYTHTVmJ/hEtaKxS9Bj/uu81Va5EACryR3nS0wJEnk5o0s1x3:7zT2/hE/xS9R/ySoylnTkW0c

Score
8/10
collectionexecution

Malware Config

Targets

    • Target

      QUOTE FAA2000.pdf.exe

    • Size

      783KB

    • MD5

      a94ffcf077ba2cf2f277aabf2c738b37

    • SHA1

      163da5b103f15deee21af68c83c35325843c74a0

    • SHA256

      86098628fc22bde425b1d5118c010707727cc08bb1f302aa282ac03526601880

    • SHA512

      9cd79cc75f70071a9057a664ea8c8f21cb539d2b9253a06138bc0220b24a2eb5f4577cfaa6c58f7732f49b5ad9b527e543694e4762ab5c74c2147b2172c407be

    • SSDEEP

      12288:nPmzDNHFeDTkqHHmKZ4DDL4eREcvqtSbbBEIoT+B2J0+zGT6Nr:evhFUBHmDDH4efqtASTy2mv6

    Score
    8/10
    collectionexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks