General
Target: Quotation.js
Size: 735KB
Sample: 240921-yrjgaa1blk
MD5: cdc82b3a33f628b81a778ab0113cbc07
SHA1: 64fb545477164d33fec94483ad440d13ee69914b
SHA256: c6fee7fb70025c071b147b62a8f12eff3fc9f2c05e192e423ca4164de6b02a46
SHA512: 80ffc5356fae94e88831c10969a5d582f6b416de25f071ec9b6a2fa220ccd1349267978a25c5ccbac16e4faca00fa285c860e2c07a8fc8e21357715e9f53b856
SSDEEP: 6144:HQgVAE6B1K5/5lTBO60rIqscTHl2xmQ8xt8geFwFx7YwnTLK8N5ocR3xJhi9Mw9B:wDK
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.js
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Quotation.js
Resource: win10v2004-20240910-en
Malware Config
Targets
Target: Quotation.js
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter
    JavaScript
  Scheduled Task/Job
    Scheduled Task
Persistence
  Boot or Logon Autostart Execution
    Registry Run Keys / Startup Folder
  Scheduled Task/Job
    Scheduled Task